Skip to main content

JumpCloud

As a Kisi organization owner you can set up JumpCloud single sign-on (SSO) for your Kisi users. To further control your SSO integration, you can sync it with your JumpCloud directory members and groups with SCIM.

Enable SSO on JumpCloud

Set up the integration in JumpCloud

  1. Sign in to JumpCloud
  2. Navigate to SSO and click on the + sign
  3. In the search field, start typing SAML 2.0 and click on Configure
  4. In the Details section, fill out the required fields under General Info and Single Sign-On Configuration, as shown below:
  • Display Label: Define your application's name (eg. Kisi SSO)
  • IdP Entity ID: https://api.kisi.io/saml/metadata
  • SP Entity ID: https://api.kisi.io/saml/metadata
  • ACS URL: https://api.kisi.io/saml/consume/<your-kisi-domain>. (You can find your Kisi organization domain under Organization Setup > Settings)
  • SP Certificate: Upload certificate generated in the Kisi dashboard, under Setup > SSO & SCIM
  • SAMLSubject NameID: email
  • SAMLSubject NameID Format: urn:oasis:names:SAML:2.0:nameid-format:persistent
  • Signature Algorithm: RSA-SHA256
  • Sign Assertion: Check
  • Default RelayState: Leave empty
  • IdP-Initiated URL: Leave empty
  • Declare Redirect Endpoint: Don't check
  • Attributes - User Attribute Mapping:
    • Required by Kisi: Email - email
    • Optional: FirstName - firstname and LastName - lastname
  1. Click Activate
  2. Under Details > Single-Sign On, click Export Metadata
  3. Under the User Groups tab, assign users to the Kisi Application
  4. Click Save

Set up the integration in Kisi

  1. Sign in to Kisi
  2. Under Organization Setup, click on SSO & SCIM
  3. Upload the Metadata file you have exported in JumpCloud
  4. Click Save
  5. Click on Generate Certificate

Now that you have generated the encryption certificate, go back to JumpCloud and follow the steps below to complete the configuration.

  1. Under Details > Single-Sign On, click on Replace SP Certificate
  2. Click Save

Enable SCIM on JumpCloud

Before you start, make sure you have SSO set up for your organization. Then just follow the next steps to generate a SCIM token and enable SCIM for your organization.

Generate your SCIM Token in Kisi

  1. Sign in to Kisi
  2. Under Organization setup, click on SSO & SCIM
  3. Enable SCIM and click on Generate Token
  4. Copy the token (shown once)

Set up SCIM with JumpCloud

  1. Sign in to JumpCloud
  2. Navigate to SSO and click on the Kisi SSO app
  3. Click on the Identity Management tab (at the top)
  4. Enter the Base URL: https://api.kisi.io/scim/v2
  5. Under Token Key, enter the token that you previously generated in Kisi
  6. To synchronize both groups and users, select Enable management of User Groups and Group Membership (recommended)
  7. Click Test to test the integration
  8. Click Activate to enable the integration
  9. Click Save