# JumpCloud {% hint style="info" %} This feature is available in the **Premium plan and higher**. {% endhint %} {% hint style="danger" %} **Remember to** [**grant your JumpCloud users access permissions**](#step-3-managing-user-access) **to GoodAccess. Users without them won't be able to log in.** {% endhint %} ## Step 1 - Adding a new identity provider [Log in to the GoodAccess **Control Panel**, and go to **Settings** > **SSO & Identity**.](https://app.goodaccess.com/sso-and-identity/) Click **+ Add provider**, enter the **Provider name**, choose your **Identity Provider**, and click **Continue**. ## Step 2 - Setting up Single Sign-On with SAML Log in to the [JumpCloud Admin console](https://console.jumpcloud.com/login/admin), and go to **User Authentication** > **SSO Applications**. Click **+ Add New Application**, select **Custom Application**, and click **Next**. Select **Manage Single Sign-On (SSO)** > **Configure SSO with SAML**, and click **Next**. Give the application a name, and click **Save Application**. Click **Configure Application**.

JumpCloud Admin console with key steps to adding a new custom SAML application. — Adding a new custom SAML application

### 1. Single Sign-On Configuration Copy the details from GoodAccess - **(2) GoodAccess links**. * **SP Entity ID** - Entity ID * **ACS URLs** - Assertion Consumer Service URL * **SAMLSubject NameID** - email * **SAMLSubject NameID Format** - urn:oasis:names:tc:**SAML:2.0**:nameid-format:**unspecified** * **Signature Algorithm** - RSA-SHA256 * **Default Relay State** - Relay State * **Login URL** - Login URL Return to GoodAccess, and click **Continue**. Return to JumpCloud. ### 2. Attributes Click **add attribute**, and add the following attribute: | Service Provider Attribute Name | JumpCloud Attribute Name | | ------------------------------- | ------------------------ | | "email" (without quotes) | email | ### 3. Setting up GoodAccess Click **Copy Metadata URL**, and open the URL in a new tab. Copy the details to GoodAccess - **(3) Identity Provider links**, and click **Continue**. * **Sign in URL** - IDP URL * **Entity ID** - IdP Entity ID (choose a name) * **X509 signing certificate** - Copy the certificate from the new tab Return to JumpCloud, and click **Save**.

JumpCloud Admin console with key steps to setting up Single Sign-On. — Setting up Single Sign-On

XML file in web browser highlighting the X509 signing certificate. — Copying the certificate from the new tab

{% hint style="info" %} If you don't want to setup SCIM, skip the next step in GoodAccess, and click **Submit** to finish the configuration. {% endhint %} You have now successfully set up your JumpCloud SSO with GoodAccess. ## Step 3 (optional) - Setting up SCIM In the application, go to **Identity Management**. Copy the **URL** and **Token** from GoodAccess - **(4) User provisioning (SCIM)**. * **API Type** - SCIM API * **SCIM Version** - SCIM 2.0 * **Base URL** - URL * **Token Key** - Token * **Test User Email** - Enter any email address (e.g. ) Return to GoodAccess, and click **Submit**. Return to JumpCloud, and click **Test Connection**. Click **Activate**, and **Save** to finish the configuration.

JumpCloud Admin console with key steps to setting up SCIM. — Setting up SCIM

{% hint style="info" %} The whole provisioning process will take around **20 minutes** to complete depending on the number of members and groups being added. {% endhint %} You have now successfully set up JumpCloud SCIM with GoodAccess. ## Step 4 - Managing user access In the application, go to **User Groups**. Choose who should have access, and click **Save**.

JumpCloud Admin console with key steps to managing user access. — Managing user access