Skip to main content

How to set SSO integration using JumpCloud

Written by Ian Maison

Pre-requisites:

  • QL Server 2.7 and above.

  • SAML 2.0

On JumpCloud, login with a console administrator, then select “SSO” and click the “+” button to add an application.

2. Click the button “Custom SAML App”.


3. On “General Info” tab, give the application the name of your choice


4. On “SSO” tab, add the Navori service URL under “IdP Entity ID”, “SP Entity ID”, and “ACS URL” respecting the following convention: https://[your_IP_or_DNS]/NavoriService/ADFS.aspx

Note: If you're on Navori's SAAS/Cloud environment please use https://saas.navori.com/NavoriService/ADFS.aspx


5. Under the same tab, add the desired suffix tothe IDP URL, this suffix can’t be altered afterwards:


6. Under the “User Groups” tab, select the group of users allowed to authenticate through the created application.


7. On QL, login as a root admin and go to Server Properties > ADFS. Set ADFS to “active” and add the SSO metadata address (IDP URL from JumpCloud).


8. Create a new user,
Under type select “SSO” as login type
create a username that exists on jumpcloud.
Note that the user must be added to the application’s user groups.


9. To connect to the CMS with the SSO user, enter the username into the username field and leave the password blank and click the “SSO Authentication” button. If the user is not yet connected on the PC, it will prompt a JumpCloudlogin.
Once logged in, clicking the SSO Authentication link will automatically connect the user to Navori QL CMS.

For clients on the SAAS, you MUST enter the SSO username into the username field, leave the password blank and click the “SSO Authentication” button which will redirect you to your SSO login page.

Note: If a user reboots or clears the cache, credentials will need to be re-entered.

IMPORTANT INFORMATION:
If you're creating SSO integration per Domains and not at the root of the server. To login to a specific domain using SSO Integration, the customer will need to enter their username first and then click SSO Authentication to be redirected to their appropriate SSO login.

Did this answer your question?