Paradime Help Docs
Ask or search…
K

JumpCloud SSO

Introduction

JumpCloud provides an open directory platform unifying the technology stack across identity, access and device management, in a cost-effective manner that doesn't sacrifice security or functionality.
Organizations that use JumpCloud can enable Single Sign-on (SSO) between Paradime and their JumpCloud instance using SAML 2.0. This page describes how to configure SSO between Paradime and JumpCloud.

Create a new JumpCloud Application Integration

  1. 1.
    Login to the JumpCloud Admin Portal and navigate to the SSO Applications section and click on "+ Add New Application"
    Add new SSO Application
  2. 2.
    Search for Auth0 in the list of applications and select it and click Next in the bottom right.
    Select Auth0 application
  3. 3.
    In the general info for the SSO application, enter the following details
    a. Enter "Paradime" for the Display Label b. Uncheck the "Show this application in User Portal" -> we will explain later why we need to do this. c. Enter "Paradime" for the SSO IdP URL Click Save Application
    Setup application settings
  4. 4.
    Once the application is created, head back to the applications page and click on the application to configure further details in the SSO tab.
    Navigate to the SSO tab
  5. 5.
    Enter the following SSO configuration parameters as follows:
    • Enter https://app.paradime.io for the IdP Entity ID
    • Enter urn:auth0:paradime-io:<paradime-company-name> for the SP Entity ID. Don't forget to replace paradime-company-name with the name of the company on Paradime.
    • For the default URL as follows:
      • if your Paradime company is located in the US (🇺🇸), then enter https://auth.us.paradime.io/login/callback?connection=<paradime-company-name>
      • if your Paradime company is located in the EU (🇪🇺), then enter https://auth.paradime.io/login/callback?connection=<paradime-company-name>
        Set SSO configuration parameters
  6. 6.
    Map user attributes and constant attributes as shown below and click Save.
    Map user and constant attributes
  7. 7.
    Once Steps (1) to (6) are complete, download the IDP certificate.
    Download IDP certificate
  8. 8.
    For security reasons like preventing man-in-the-middle attacks, Paradime only allows authentication from the Service Provider i.e. we don’t allow IdP initiated logins. To create an experience where your users can still click on the app in JumpCloud, we recommend the following:
    • In step (3) we already created the Paradime app and hidden it in the user portal.
    • Next, create a URL Bookmark application in JumpCloud, call it Paradime and point the app to https://app.paradime.io and set it show in the User Portal.
      Create a URL Bookmark
      Set the bookmark
    • this way the user will always be directed to the Paradime login screen and will then use the JumpCloud SSO to finally login to Paradime
  9. 9.
    Once steps (1) to (8) are complete, share the following with the Paradime team at [email protected] either in an email or using a password manager like 1Password, Dashlane and similar:
    • The SSO IdP URL from Step (3)
    • The x.509 certificate from Step (7)
  10. 10.
    Paradime team will then create the SSO client and enable SSO on your company name and once confirmed, during login, users in your company will see a Continue with JumpCloud option.
    Login with JumpCloud
Make sure you add all the users and user groups who need access to Paradime either individually or as a group added to the Paradime app in JumpCloud in the User Groups tab.
If you already have an existing Google social login setup, then using the JumpCloud option, Paradime will automatically link your accounts and once account is linked Paradime will ask you to login again and you can then use JumpCloud SSO for all future logins.