# JumpCloud {% hint style="info" %} This feature is available in the **Premium plan and higher**. {% endhint %} {% hint style="danger" %} **Remember to** [**grant your JumpCloud users access permissions**](#step-3-managing-user-access) **to GoodAccess. Users without them won't be able to log in.** {% endhint %} ## Step 1 - Adding a new identity provider [Log in to the GoodAccess **Control Panel**, and go to **Settings** > **SSO & Identity**.](https://app.goodaccess.com/sso-and-identity/) Click **+ Add provider**, enter the **Provider name**, choose your **Identity Provider**, and click **Continue**. ## Step 2 - Setting up Single Sign-On with SAML Log in to the [JumpCloud Admin console](https://console.jumpcloud.com/login/admin), and go to **User Authentication** > **SSO Applications**. Click **+ Add New Application**, select **Custom Application**, and click **Next**. Select **Manage Single Sign-On (SSO)** > **Configure SSO with SAML**, and click **Next**. Give the application a name, and click **Save Application**. Click **Configure Application**.

JumpCloud Admin console with key steps to adding a new custom SAML application. — Adding a new custom SAML application

### 1. Single Sign-On Configuration Copy the details from GoodAccess - **(2) GoodAccess links**. * **SP Entity ID** - Entity ID * **ACS URLs** - Assertion Consumer Service URL * **SAMLSubject NameID** - email * **SAMLSubject NameID Format** - urn:oasis:names:tc:**SAML:2.0**:nameid-format:**unspecified** * **Signature Algorithm** - RSA-SHA256 * **Default Relay State** - Relay State * **Login URL** - Login URL Return to GoodAccess, and click **Continue**. Return to JumpCloud. ### 2. Attributes Click **add attribute**, and add the following attribute: | Service Provider Attribute Name | JumpCloud Attribute Name | | ------------------------------- | ------------------------ | | "email" (without quotes) | email | ### 3. Setting up GoodAccess Click **Copy Metadata URL**, and open the URL in a new tab. Copy the details to GoodAccess - **(3) Identity Provider links**, and click **Continue**. * **Sign in URL** - IDP URL * **Entity ID** - IdP Entity ID (choose a name) * **X509 signing certificate** - Copy the certificate from the new tab Return to JumpCloud, and click **Save**.

JumpCloud Admin console with key steps to setting up Single Sign-On. — Setting up Single Sign-On

XML file in web browser highlighting the X509 signing certificate. — Copying the certificate from the new tab

{% hint style="info" %} If you don't want to setup SCIM, skip the next step in GoodAccess, and click **Submit** to finish the configuration. {% endhint %} You have now successfully set up your JumpCloud SSO with GoodAccess. ## Step 3 (optional) - Setting up SCIM In the application, go to **Identity Management**. Copy the **URL** and **Token** from GoodAccess - **(4) User provisioning (SCIM)**. * **API Type** - SCIM API * **SCIM Version** - SCIM 2.0 * **Base URL** - URL * **Token Key** - Token * **Test User Email** - Enter any email address (e.g. ) Return to GoodAccess, and click **Submit**. Return to JumpCloud, and click **Test Connection**. Click **Activate**, and **Save** to finish the configuration.

JumpCloud Admin console with key steps to setting up SCIM. — Setting up SCIM

{% hint style="info" %} The whole provisioning process will take around **20 minutes** to complete depending on the number of members and groups being added. {% endhint %} You have now successfully set up JumpCloud SCIM with GoodAccess. ## Step 4 - Managing user access In the application, go to **User Groups**. Choose who should have access, and click **Save**.

JumpCloud Admin console with key steps to managing user access. — Managing user access

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://support.goodaccess.com/configuration-guides/features/sso-scim/jumpcloud.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.