# JumpCloud SSO ## Introduction [JumpCloud](https://jumpcloud.com) provides an open directory platform unifying the technology stack across identity, access and device management, in a cost-effective manner that doesn't sacrifice security or functionality. Organizations that use JumpCloud can enable Single Sign-on (SSO) between Paradime and their JumpCloud instance using SAML 2.0. This page describes how to configure SSO between Paradime and JumpCloud. ### Create a new JumpCloud Application Integration 1. Login to the [JumpCloud Admin Portal](https://console.jumpcloud.com/) and navigate to the **SSO Applications** section and click on **"+ Add New Application"**

2. Search for **Auth0** in the list of applications and select it and click **Next** in the bottom right.

3. In the general info for the SSO application, enter the following details a. Enter "**Paradime**" for the Display Label\ b. Uncheck the "Show this application in User Portal" -> we will explain later why we need to do this.\ c. Enter "**Paradime**" for the SSO IdP URL\ Click **Save Application**

4. Once the application is created, head back to the applications page and click on the application to configure further details in the SSO tab.

5. Enter the following SSO configuration parameters as follows: * Enter `https://app.paradime.io` for the **IdP Entity ID** * Enter `urn:auth0:paradime-io:` for the **SP Entity ID**. Don't forget to replace `paradime-company-name` with the name of the company on Paradime. * For the default URL as follows: * if your Paradime company is located in the US (🇺🇸), then enter `https://auth.us.paradime.io/login/callback?connection=` * if your Paradime company is located in the EU (`🇪🇺`), then enter `https://auth.paradime.io/login/callback?connection=`

6. Map user attributes and constant attributes as shown below and click **Save**.

7. Once Steps (1) to (6) are complete, download the IDP certificate.

8. For security reasons like preventing man-in-the-middle attacks, Paradime only allows authentication from the Service Provider i.e. we don’t allow IdP initiated logins. To create an experience where your users can still click on the app in JumpCloud, we recommend the following: * In step (3) we already created the Paradime app and hidden it in the user portal. * Next, create a **URL Bookmark** application in JumpCloud, call it **Paradime** and point the app to `https://app.paradime.io` and set it show in the User Portal.

* this way the user will always be directed to the Paradime login screen and will then use the JumpCloud SSO to finally login to Paradime 9. Once steps (1) to (8) are complete, share the following with the Paradime team at either in an email or using a password manager like 1Password, Dashlane and similar: * The **SSO IdP URL** from Step (3) * The x.509 certificate from Step (7) 10. Paradime team will then create the SSO client and enable SSO on your company name and once confirmed, during login, users in your company will see a **Continue with JumpCloud** option.

{% hint style="danger" %} Make sure you add all the users and user groups who need access to Paradime either individually or as a group added to the Paradime app in JumpCloud in the **User Groups** tab. {% endhint %} {% hint style="danger" %} **If you already have an existing Google social login setup, then using the JumpCloud option, Paradime will automatically link your accounts and once account is linked Paradime will ask you to login again and you can then use JumpCloud SSO for all future logins.** {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.paradime.io/app-help/documentation/security/single-sign-on/jumpcloud-sso-legacy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.