JumpCloud
As a Kisi organization owner you can set up JumpCloud single sign-on (SSO) for your Kisi users. To further control your SSO integration, you can sync it with your JumpCloud directory members and groups with SCIM.
Enable SSO on JumpCloud
Set up the integration in JumpCloud
- Sign in to JumpCloud
- Navigate to SSO and click on the + sign
- In the search field, start typing SAML 2.0 and click on Configure
- In the Details section, fill out the required fields under General Info and Single Sign-On Configuration, as shown below:
- Display Label: Define your application's name (eg. Kisi SSO)
- IdP Entity ID:
https://api.kisi.io/saml/metadata
- SP Entity ID:
https://api.kisi.io/saml/metadata
- ACS URL:
https://api.kisi.io/saml/consume/<your-kisi-domain>
. (You can find your Kisi organization domain under Organization Setup > Settings) - SP Certificate: Upload certificate generated in the Kisi dashboard, under Setup > SSO & SCIM
- SAMLSubject NameID:
email
- SAMLSubject NameID Format:
urn:oasis:names:SAML:2.0:nameid-format:persistent
- Signature Algorithm:
RSA-SHA256
- Sign Assertion: Check
- Default RelayState: Leave empty
- IdP-Initiated URL: Leave empty
- Declare Redirect Endpoint: Don't check
- Attributes - User Attribute Mapping:
- Required by Kisi:
Email
-email
- Optional: FirstName - firstname and LastName - lastname
- Required by Kisi:
- Click Activate
- Under Details > Single-Sign On, click Export Metadata
- Under the User Groups tab, assign users to the Kisi Application
- Click Save
Set up the integration in Kisi
- Sign in to Kisi
- Under Organization Setup, click on SSO & SCIM
- Upload the Metadata file you have exported in JumpCloud
- Click Save
- Click on Generate Certificate
Now that you have generated the encryption certificate, go back to JumpCloud and follow the steps below to complete the configuration.
- Under Details > Single-Sign On, click on Replace SP Certificate
- Click Save
Enable SCIM on JumpCloud
Before you start, make sure you have SSO set up for your organization. Then just follow the next steps to generate a SCIM token and enable SCIM for your organization.
Generate your SCIM Token in Kisi
- Sign in to Kisi
- Under Organization setup, click on SSO & SCIM
- Enable SCIM and click on Generate Token
- Copy the token (shown once)
Set up SCIM with JumpCloud
- Sign in to JumpCloud
- Navigate to SSO and click on the Kisi SSO app
- Click on the Identity Management tab (at the top)
- Enter the Base URL:
https://api.kisi.io/scim/v2
- Under Token Key, enter the token that you previously generated in Kisi
- To synchronize both groups and users, select Enable management of User Groups and Group Membership (recommended)
- Click Test to test the integration
- Click Activate to enable the integration
- Click Save