Integrate Kisi with JumpCloud SSO
This is a Kisi-built integration, maintained and supported by Kisi.
As a Kisi organization owner you can set up JumpCloud single sign-on (SSO) for your Kisi users. In addition to your SSO integration, you can:
- set up SCIM provisioning to easily and securely sync identities between your IdP and Kisi
- optionally enable authentication with password for individual users, providing flexibility as needed
Prerequisites
- a Kisi organization owner account
- a valid and activated SSO license
Before setting up the integration, ensure you are logged in as the Kisi organization owner and have a valid, activated SSO license. If these prerequisites are met and the SSO & SCIM option is still not visible on the dashboard, please reach out to Kisi Support for assistance.
Set up the integration in JumpCloud
- Sign in to JumpCloud
- Navigate to SSO and click on the + sign
- In the search field, start typing SAML 2.0 and click on Configure
- In the Details section, fill out the required fields under General Info and Single Sign-On Configuration, as shown below:
- Display Label: Define your application's name (eg. Kisi SSO)
- IdP Entity ID:
https://api.kisi.io/saml/metadata
- SP Entity ID:
https://api.kisi.io/saml/metadata
- ACS URL:
https://api.kisi.io/saml/consume/<your-kisi-domain>
. (You can find your Kisi organization domain under Settings > General) - SP Certificate: Upload certificate generated in the Kisi dashboard, under Setup > SSO & SCIM
- SAMLSubject NameID:
email
- SAMLSubject NameID Format:
urn:oasis:names:SAML:2.0:nameid-format:persistent
- Signature Algorithm:
RSA-SHA256
- Sign Assertion: Check
- Default RelayState: Leave empty
- IdP-Initiated URL: Leave empty
- Declare Redirect Endpoint: Don't check
- Attributes - User Attribute Mapping:
- Required by Kisi:
Email
-email
- Optional: FirstName - firstname and LastName - lastname
- Required by Kisi:
- Click Activate
- Under Details > Single-Sign On, click Export Metadata
- Under the User Groups tab, assign users to the Kisi Application
- Click Save
Set up the integration in Kisi
- Sign in to Kisi as the organization owner
- Navigate to Settings and click on SSO & SCIM
- Upload the Metadata file you have exported in JumpCloud
- Click Save
- Click on Generate Certificate Now that you have generated the encryption certificate, go back to JumpCloud and follow the steps below to complete the configuration.
- Under Details > Single-Sign On, click on Replace SP Certificate
- Click Save
To further control your SSO integration, you can set up SCIM provisioning. This will help you to easily and securely sync identities between your IdP and Kisi.
Flexible authentication: SSO or password
Kisi organizations with Single Sign-On (SSO) enabled can, if needed, also enable authentication with password for users. If enabled, the user will be able to log in with email and password. If the user is in the organizations' IdP directory, an SSO login will also be available.
User removal impact on event logs
If you're utilizing a Single Sign-On (SSO) platform and an employee is removed, upon reviewing the Event history, the logs related to that user will continue displaying the user's name, even though they've been removed from the system.