Latest news: Kisi Community is now live Learn more
Kisi wordmark

HelpSpace

search
close

Try searching for

integrations

getting started

apple watch app

blinkup

arrow up arrow down

navigate

esc to close

SSO: Configuring JumpCloud for use with Kisi

Updated

SSO requires a Kisi Organization license. Please contact Kisi Support to learn more and upgrade your account.

This integration is exclusively for JumpCloud SSO. For importing users, please see JumpCloud SCIM or JumpCloud Directory.

Kisi supports SSO (Single Sign-On) with JumpCloud as a way of authentication for your Organization. Below are the steps to our self-service SSO configuration.

Setting up SSO with JumpCloud

To set up SSO, you must be the Kisi Organization Owner. For additional guidance on SSO setup, please refer to our Kisi API documentation.

  1. Sign into JumpCloud and navigate to SSO
  2. Click on the sign and search for SAML 2.0 and select Configure
    sso-jumpcloud-add.png
  3. In the Details section, fill out the required fields under General Info and Single Sign-On Configuration, as shown below:
    sso-jumpcloud-configure.png
    • Display Label: Name your application (eg. Kisi SSO)
    • IdP Entity IDhttps://api.kisi.io/saml/metadata
    • SP Entity IDhttps://api.kisi.io/saml/metadata
    • ACS URLhttps://api.kisi.io/saml/consume/<your-kisi-domain>. Every Organization in Kisi has a domain. It's an alphanumeric string that can also contain "-" character used to uniquely identify your organizations and required during signing in. If you do not remember your Kisi Domain, you can use Find My Organizations feature.
    • SP Certificate: Upload certificate generated in the Kisi dashboard, under Setup > SSO & SCIM (screenshots below)
    • SAMLSubject NameIDemail
    • SAMLSubject NameID Formaturn:oasis:names:SAML:2.0:nameid-format:persistent
    • Signature AlgorithmRSA-SHA256
    • Sign Assertion: Check
    • Default RelayState: Leave empty
    • IdP-Initiated URL: Leave empty
    • Declare Redirect Endpoint: Don't check
    • Attributes - User Attribute Mapping:
      • Required by Kisi: Email - email
      •  Optional:FirstName - firstname and LastName - lastname
  4. Click Activate
  5. Export Metadata (you will need to upload the Metadata in Kisi)
    sso-jumpcloud-export-metadata.png
  6. Assign users to the Kisi Application under the User Group tab
    sso-jumcloud-user-groups.png
  7. Click Save
  8.  

In Kisi:

  1. Sign in to your Kisi Organization account
  2. Under Organization Setup, click on SSO & SCIM and upload the Metadata export file
    kisi-sso-setup.png
  3. Click Save
  4. Under Step 3, click on Generate Certificate

Now that you have generated the encryption certificate, go back to JumpCloud and follow the steps below to complete the configuration.

  1. In the Details section, under Single Sign-On Configuration, click on Replace SP Certificate
    sso-jumpcloud-replace-sp-certificate.png
  2. Click Save

Written by Joao,

Was this article helpful?
Have more questions? Submit a request

Related articles