
Integrate Kisi with JumpCloud

Info: This is a Kisi-built integration, maintained and supported by Kisi.

As a Kisi organization owner you can set up JumpCloud single sign-on (SSO) for your Kisi users. To further control your SSO integration, you can sync it with your JumpCloud directory members and groups with SCIM.

Kisi organizations with single sign-on (SSO) can, if needed, also enable password authentication for users. If enabled, users can log in with email and password. If the user is in the organization's IdP directory, an SSO login will also be available.

Prerequisites

  • a Kisi organization owner account
  • a valid and activated SSO license

Before setting up the integration, ensure you are logged in as the Kisi organization owner and have a valid, activated SSO license. If these prerequisites are met and the SSO & SCIM option is still not visible on the dashboard, please reach out to Kisi Support for assistance.

Enable SSO on JumpCloud

Set up the integration in JumpCloud

  1. Sign in to JumpCloud
  2. Navigate to SSO and click on the + sign
  3. In the search field, start typing SAML 2.0 and click on Configure
  4. In the Details section, fill out the required fields under General Info and Single Sign-On Configuration, as shown below:
     • Display Label: Define your application's name (e.g. Kisi SSO)
     • IdP Entity ID: https://api.kisi.io/saml/metadata
     • SP Entity ID: https://api.kisi.io/saml/metadata
     • ACS URL: https://api.kisi.io/saml/consume/<your-kisi-domain> (you can find your Kisi organization domain under Organization Setup > Settings)
     • SP Certificate: Upload the certificate generated in the Kisi dashboard, under Setup > SSO & SCIM
     • SAMLSubject NameID: email
     • SAMLSubject NameID Format: urn:oasis:names:SAML:2.0:nameid-format:persistent
     • Signature Algorithm: RSA-SHA256
     • Sign Assertion: Check
     • Default RelayState: Leave empty
     • IdP-Initiated URL: Leave empty
     • Declare Redirect Endpoint: Don't check
     • Attributes - User Attribute Mapping:
       • Required by Kisi: Email - email
       • Optional: FirstName - firstname and LastName - lastname
  5. Click Activate
  6. Under Details > Single-Sign On, click Export Metadata
  7. Under the User Groups tab, assign users to the Kisi Application
  8. Click Save

Set up the integration in Kisi

  1. Sign in to Kisi as the organization owner
  2. Under Organization Setup, click on SSO & SCIM
  3. Upload the Metadata file you have exported in JumpCloud
  4. Click Save
  5. Click on Generate Certificate

Now that you have generated the encryption certificate, go back to JumpCloud and follow the steps below to complete the configuration.

  1. Under Details > Single-Sign On, click on Replace SP Certificate
  2. Click Save

Enable SCIM on JumpCloud

Before you start, make sure you have SSO set up for your organization. Then just follow the next steps to generate a SCIM token and enable SCIM for your organization.

Generate your SCIM Token in Kisi

  1. Go back to Kisi
  2. Under Organization setup, click on SSO & SCIM
  3. Enable SCIM and click on Generate Token
  4. Copy the token (shown once)

Set up SCIM with JumpCloud

  1. Sign in to JumpCloud
  2. Navigate to SSO and click on the Kisi SSO app
  3. Click on the Identity Management tab (at the top)
  4. Enter the Base URL: https://api.kisi.io/scim/v2
  5. Under Token Key, enter the token that you previously generated in Kisi
  6. To synchronize both groups and users, select Enable management of User Groups and Group Membership (recommended)
  7. Click Test to test the integration
  8. Click Activate to enable the integration
  9. Click Save

Import users from JumpCloud Directory

Customers who don't yet have SSO set up can still import users from their JumpCloud Directory by manually setting up the integration. We recommend, however, setting up SSO to allow your Kisi users to log in with their single, existing credentials.

Info: Kisi organizations are limited to one SSO and one SCIM integration. Depending on your needs, you can combine SSO and SCIM integrations with one or more user directory integrations within the same Kisi organization.

To be able to set this integration up, you need to have a JumpCloud account.

Get the JumpCloud Directory API key

  1. Sign in to your JumpCloud Administrator Console
  2. At the top, click on your profile and select API Settings
  3. Copy the API key

If you are a JumpCloud Multi-Tenant Portal user, you also need the Organization ID. To get this, navigate to Settings > Organization ID.

Set up the integration in Kisi

  1. Sign in to Kisi as the organization owner
  2. Under Organization Setup, select Integrations and click Add Integration
  3. Enter a name, open the Type dropdown and select JumpCloud Directory User Import
  4. Enter the API Key you obtained before
  5. For JumpCloud Multi-Tenant Portal users, enter the Organization ID obtained earlier. Otherwise, leave the field blank
  6. After validating the API Key, Kisi will show you a list of JumpCloud groups to select from
  7. Select the Kisi group you want to import to
  8. Enable the integration
  9. Click Add