JumpCloud Directory

This guide helps administrators sync their JumpCloud directory with an application they want to onboard to their organization. Integrating your application with JumpCloud automates user management tasks and ensures access rights stay up-to-date.

This registration sets up the following:

1. Endpoint: This is the URL where JumpCloud sends requests to the onboarded app, acting as a communication point between them.
2. Bearer Token: Used by JumpCloud to authenticate its requests to the endpoint, ensuring security and authorization.

These components enable seamless synchronization between your application and the JumpCloud directory.

1. Create an endpoint and API token

   Open the Admin Portal and select the “SCIM Provisioning” tab. A list of Directory Providers will be displayed. Choose “JumpCloud” as your Directory Provider. If the Admin Portal is not accessible from the app, request instructions from the app owner.

   

   

   This action will generate an Endpoint URL and Bearer token for your organization, allowing the app to listen to events and maintain synchronization with your organization.

2. Add a new application in JumpCloud

   Go to the JumpCloud Admin Portal > SSO Applications and click on ”+ Add New Application.”

   

   Create a custom application by trying to do an non-existent application search.

   

   Click “Next” and choose the features you would like to enable. Since your application wants to provision new users and user updates from JumpCloud, select “Export users to this app (Identity Management)”

   

   Finally, enter the general info such as display name (this example uses “YourApp”) and click “Save Application”

   

3. Configure provisioning settings

   Click on “Configure Application” and proceed to configure the application settings. This opens a modal with “Identity Management” selected. Enter the Endpoint URL and Bearer Token provided in the Step 1.

   

4. Configure group management

   JumpCloud uses groups as the primary way provision users to your application.

   

   Click “Activate” and then “Save”.

5. Assign users and groups

   To assign users to the newly integrated application:

   

   1. Go to “SSO Applications” and select the application you created. This opens an Modal. Select the User Group and click on “Save”.
   2. Click on the “User Groups” tab and select the apps you want to assign to this group of users.
   3. If you don’t have groups you can create one from “User Groups” tab. In this example, we have created a group called “YourApp Users” and assigned the “YourApp” app to it.
   4. Click on “Save Group” to save the changes.
   5. Now try adding a user to the group. If you don’t have users, you can create one from “Users” tab.

   Tip

   Make sure to organize your users into groups for easier management and assignment of permissions.

6. Group based Role Assignment Configuration

   To automatically assign roles to users based on their group membership, configure appropriate group to role mapping in the SCIM Configuration Portal.

7. Verify successful connection

   After completing these steps, verify that the users and groups are successfully synced by visiting Users and Groups tab in the Admin Portal.

   

   Note

   When an group is disassociated from an app in JumpCloud (“YourApp”), JumpCloud sends an group update event that unassigns all the group users to your app. However, the group association is not removed automatically.