> For the complete documentation index, see [llms.txt](https://support.goodaccess.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://support.goodaccess.com/configuration-guides/features/sso-scim/jumpcloud.md).

# JumpCloud

{% hint style="info" %}
This feature is available in the **Premium plan and higher**.
{% endhint %}

{% hint style="danger" %}
**Remember to** [**grant your JumpCloud users access permissions**](#step-3-managing-user-access) **to GoodAccess. Users without them won't be able to log in.**
{% endhint %}

## Step 1 - Adding a new identity provider

[Log in to the GoodAccess **Control Panel**, and go to **Settings** > **SSO & Identity**.](https://app.goodaccess.com/sso-and-identity/)

Click **+ Add provider**, enter the **Provider name**, choose your **Identity Provider**, and click **Continue**.

## Step 2 - Setting up Single Sign-On with SAML

Log in to the [JumpCloud Admin console](https://console.jumpcloud.com/login/admin), and go to **User Authentication** > **SSO Applications**.

Click **+ Add New Application**, select **Custom Application**, and click **Next**.

Select **Manage Single Sign-On (SSO)** > **Configure SSO with SAML**, and click **Next**.

Give the application a name, and click **Save Application**.

Click **Configure Application**.

<figure><img src="/files/4oxNdSz2ffmqdgbwRpId" alt="JumpCloud Admin console with key steps to adding a new custom SAML application."><figcaption><p>Adding a new custom SAML application</p></figcaption></figure>

<figure><img src="/files/JuqgpW0dJ2BQCDKCTv0B" alt="JumpCloud Admin console with key steps to adding a new custom SAML application."><figcaption><p>Adding a new custom SAML application</p></figcaption></figure>

<figure><img src="/files/hF72pSAoFcDhMtjzmhgU" alt="JumpCloud Admin console with key steps to adding a new custom SAML application."><figcaption><p>Adding a new custom SAML application</p></figcaption></figure>

### 1. Single Sign-On Configuration

Copy the details from GoodAccess - **(2) GoodAccess links**.

* **SP Entity ID** - Entity ID
* **ACS URLs** - Assertion Consumer Service URL
* **SAMLSubject NameID** - email
* **SAMLSubject NameID Format** - urn:oasis:names:tc:**SAML:2.0**:nameid-format:**unspecified**
* **Signature Algorithm** - RSA-SHA256
* **Default Relay State** - Relay State
* **Login URL** - Login URL

Return to GoodAccess, and click **Continue**.

Return to JumpCloud.

### 2. Attributes

Click **add attribute**, and add the following attribute:

| Service Provider Attribute Name | JumpCloud Attribute Name |
| ------------------------------- | ------------------------ |
| "email" (without quotes)        | email                    |

### 3. Setting up GoodAccess

Click **Copy Metadata URL**, and open the URL in a new tab.

Copy the details to GoodAccess - **(3) Identity Provider links**, and click **Continue**.

* **Sign in URL** - IDP URL
* **Entity ID** - IdP Entity ID (choose a name)
* **X509 signing certificate** - Copy the certificate from the new tab

Return to JumpCloud, and click **Save**.

<figure><img src="/files/63XPq1CrJqbScJ2uznQ4" alt="JumpCloud Admin console with key steps to setting up Single Sign-On."><figcaption><p>Setting up Single Sign-On</p></figcaption></figure>

<figure><img src="/files/JR9sXGU5XcxIM4FNI7sj" alt="JumpCloud Admin console with key steps to setting up Single Sign-On."><figcaption><p>Setting up Single Sign-On</p></figcaption></figure>

<figure><img src="/files/Zze1788QYBOXTgOTFHNk" alt="XML file in web browser highlighting the X509 signing certificate."><figcaption><p>Copying the certificate from the new tab</p></figcaption></figure>

{% hint style="info" %}
If you don't want to setup SCIM, skip the next step in GoodAccess, and click **Submit** to finish the configuration.
{% endhint %}

You have now successfully set up your JumpCloud SSO with GoodAccess.

## Step 3 (optional) - Setting up SCIM

In the application, go to **Identity Management**.

Copy the **URL** and **Token** from GoodAccess - **(4) User provisioning (SCIM)**.

* **API Type** - SCIM API
* **SCIM Version** - SCIM 2.0
* **Base URL** - URL
* **Token Key** - Token
* **Test User Email** - Enter any email address (e.g. <test@test.com>)

Return to GoodAccess, and click **Submit**.

Return to JumpCloud, and click **Test Connection**.

Click **Activate**, and **Save** to finish the configuration.

<figure><img src="/files/E8FKnOi7xk0IHy2h59FR" alt="JumpCloud Admin console with key steps to setting up SCIM."><figcaption><p>Setting up SCIM</p></figcaption></figure>

{% hint style="info" %}
The whole provisioning process will take around **20 minutes** to complete depending on the number of members and groups being added.
{% endhint %}

You have now successfully set up JumpCloud SCIM with GoodAccess.

## Step 4 - Managing user access

In the application, go to **User Groups**.

Choose who should have access, and click **Save**.

<figure><img src="/files/pAvPxEjhLeARLONa5wvN" alt="JumpCloud Admin console with key steps to managing user access."><figcaption><p>Managing user access</p></figcaption></figure>
