How do I configure SSO with JumpCloud?

1) Log into JumpCloud as an administrator.

2) Under “User Authentication”, click “SSO”, then click the green plus button to add a new application.

3) Next, towards the bottom, click “Custom SAML App”.

4) Next, use “Reftab” as the display label and click “Activate”.

5) Next, click “Continue”

6) Next, on the Single Sign-On Configuration tab, fill out the inputs:

IDP ENTITY ID: This is a unique, case-sensitive identifier used by JumpCloud for Reftab. This value should match the value specified in the Entity ID field of Reftab. Your domain name, SSO Connect server name or IP address are possible examples.

SP Entity ID: https://www.reftab.com/

ACS URL: https://www.reftab.com/api/sso

SAMLSubject Name ID: email

SAMLSubject Name ID Format: urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified

Signature Algorithm: RSA-SHA256

IDP URL: https://sso.jumpcloud.com/saml2/saml

7) Next, under “Attributes” click “Add Attribute” 

You’ll add at least the following two User Attributes:

For the Service Provider Attribute Name:

a) displayname

b) email

For the JumpCloud Attribute Name:

a) displayname

b) email

8) Click “Save”.

9) Once saved, download the certificate, because it will be pasted into Reftab. Click “IDP Certificate Valid” > “Download Certificate”.

The certificate will download as a .pem file. Right-click it and open it with Notepad or another text editor. Copy the contents to your clipboard.

10) Next, log into Reftab as an administrator and click “Settings” > “SAML Settings” > “Provide Settings Manually”.

11) Click “Add New Domain”.

12) Here you will configure your domain to use SSO with JumpCloud.

Domain: Your domain

IDP Entity ID: This must match what you provided in step 6 above for IDP Entity ID in JumpCloud.

URI Endpoint: https://sso.jumpcloud.com/saml2/saml

Bind Method: HTTP-Redirect

Email Attribute: email

Attribute To Identify User’s Name: displayname

Certificate: Paste in the text from step 9 above

Click “Save SAML Settings” when done.

13) Next, log out and, on the Reftab login page (https://www.reftab.com/login), start typing an email address from your domain. You should see the Reftab login screen present you with a button to “Login with Single Sign-On”. Log in with your company credentials.
