SSO requires a Kisi Organization license. Please contact Kisi Support to learn more and upgrade your account.
This integration is exclusively for JumpCloud SSO. For importing users, please see JumpCloud SCIM or JumpCloud Directory.
Kisi supports SSO (Single Sign-On) with JumpCloud as a way of authentication for your Organization. Below are the steps to our self-service SSO configuration.
Setting up SSO with JumpCloud
To set up SSO, you must be the Kisi Organization Owner. For additional guidance on SSO setup, please refer to our Kisi API documentation.
- Sign into JumpCloud and navigate to SSO
- Click on the + sign and search for SAML 2.0 and select Configure
- In the Details section, fill out the required fields under General Info and Single Sign-On Configuration, as shown below:
- Display Label: Name your application (eg. Kisi SSO)
- IdP Entity ID:
https://api.kisi.io/saml/metadata
- SP Entity ID:
https://api.kisi.io/saml/metadata
- ACS URL:
https://api.kisi.io/saml/consume/<your-kisi-domain>
. Every Organization in Kisi has a domain. It's an alphanumeric string that can also contain "-" character used to uniquely identify your organizations and required during signing in. If you do not remember your Kisi Domain, you can use Find My Organizations feature. - SP Certificate: Upload certificate generated in the Kisi dashboard, under Setup > SSO & SCIM (screenshots below)
- SAMLSubject NameID:
email
- SAMLSubject NameID Format:
urn:oasis:names:SAML:2.0:nameid-format:persistent
- Signature Algorithm:
RSA-SHA256
- Sign Assertion: Check
- Default RelayState: Leave empty
- IdP-Initiated URL: Leave empty
- Declare Redirect Endpoint: Don't check
- Attributes - User Attribute Mapping:
- Required by Kisi:
Email - email
- Optional:
FirstName - firstname
andLastName - lastname
- Required by Kisi:
- Click Activate
- Export Metadata (you will need to upload the Metadata in Kisi)
- Assign users to the Kisi Application under the User Group tab
- Click Save
In Kisi:
- Sign in to your Kisi Organization account
- Under Organization Setup, click on SSO & SCIM and upload the Metadata export file
- Click Save
- Under Step 3, click on Generate Certificate
Now that you have generated the encryption certificate, go back to JumpCloud and follow the steps below to complete the configuration.
- In the Details section, under Single Sign-On Configuration, click on Replace SP Certificate
- Click Save