π€ Who can do this? You will need to be an admin user within Atlan to configure SSO. You will also need to work with your JumpCloud administrator to carry out the tasks below in JumpCloud.
π¨ Careful! SSO group mappings only trigger when a user first signs up. Please ensure you do all the configuration before onboarding any of the users. Otherwise, you will need to remove all the users and restart the process.
To integrate JumpCloud SSO for Atlan, complete the following steps.
Choose SSO provider (in Atlan)
To choose JumpCloud as your SSO provider, within Atlan:
- From the left menu on any screen, navigate to Admin.
- Under the Workspace heading, click SSO.
- Under Choose SAML provider, select Jumpcloud and then click Configure.
- Under Service provider metadata, copy the IdP Entity ID, SP Entity ID, and ACS URL.
Set up SAML app (in JumpCloud)
To set up a SAML app, within JumpCloud Console:
- From the menu on the left, under User Authentication click SSO.
- To the left of the search box, click the large circular + icon.
- At the bottom of the page, click the Custom SAML App button.
- Under the General Info tab, for Display Label enter a name such as Atlan.
- Change to the SSO tab and enter your Atlan SAML settings:
- For IdP Entity ID enter the value you copied from Atlan above.
- For SP Entity ID enter the value you copied from Atlan above.
- For ACS URL enter the value you copied from Atlan above.
- Below Signature Algorithm ensure Sign Assertion is enabled.
- Scroll to the bottom of the SSO tab and under User Attribute Mapping click the add attribute button. Define the following mappings from Service Provider Attribute Name on the left to JumpCloud Attribute Name on the right:
- email β> email
- firstName β> firstname
- lastName β> lastname
- group β> group (you may need to select Custom User or Group Attribute from the JumpCloud Attribute Name drop-down, and then type in
group) - username β> username
- Under the Group Attributes heading, enable the include group attribute box and enter the value
memberOf. - Change to the User Groups tab and check the box for each user group you want to be enabled for SSO.
- Below the form, click the activate button and when prompted click the continue button.
Download JumpCloud metadata file (in JumpCloud)
To download the JumpCloud metadata file, within JumpCloud Console:
- From the SSO app page, click your Atlan SSO application to open it.
- Change to the SSO tab and under JumpCloud Metadata click the Export Metadata button.
Upload JumpCloud's metadata file (in Atlan)
To complete the configuration of JumpCloud SSO, within Atlan:
- From the left menu on any screen, navigate to Admin.
- Under the Workspace heading, click SSO.
- Under Choose SAML provider, select Jumpcloud and then click Configure.
- To the right of Identity provider metadata click the Import from XML button.
- Select the
JumpCloud-saml2-metadata.xmlfile downloaded from JumpCloud above. - At the bottom of the screen, click Save.
Congratulations β you have successfully set up JumpCloud SSO in Atlan! π
πͺ Did you know? By default, users can now log into Atlan with either JumpCloud SSO or a local Atlan account (via email). To only allow logins via SSO, enable the Enforce SSO option in Atlan. Once SSO is enforced, we recommend inviting users only through the SSO provider and not directly from Atlan.
(Optional) Configure group mappings
To automatically assign JumpCloud users to Atlan groups based on their JumpCloud groups, within Atlan:
- From the left menu on any screen, navigate to Admin.
- Under the Workspace heading, click SSO.
- Change to the Groups Mapping tab.
- To the right of each Atlan group listed:
- Under the SSO Groups column enter the name of the group in JumpCloud to map to the Atlan group on that row.
- Click the Save button on that row.
As each user signs up to Atlan, they will be automatically assigned groups in Atlan based on these mappings! π
