How to enable JumpCloud for SSO

🤓 Who can do this? You will need to be an admin user within Atlan to configure SSO. You will also need to work with your JumpCloud administrator to carry out the tasks below in JumpCloud.
🚨 Careful! SSO group mappings are triggered every time a user authenticates in Atlan. A user may need to log out and then log into Atlan again to view the changes. If a user is added to a new group or removed from an existing one in JumpCloud, the updates will also be reflected in Atlan. To ensure that the sync is successful, the groups that the user belongs to should be mapped in Atlan, and if a group name has changed in JumpCloud, you will need to update the group name in Atlan as well. For any questions about group mapping sync, head over here.

To integrate JumpCloud SSO for Atlan, complete the following steps.

Choose SSO provider (in Atlan)

To choose JumpCloud as your SSO provider, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Under Choose SAML provider, select Jumpcloud and then click Configure.
  4. Under Service provider metadata, copy the IdP Entity ID, SP Entity ID, and ACS URL.

Set up SAML app (in JumpCloud)

To set up a SAML app, within JumpCloud Console:

  1. From the menu on the left, under User Authentication click SSO.
  2. To the left of the search box, click the large circular + icon.
  3. At the bottom of the page, click the Custom SAML App button.
  4. Under the General Info tab, for Display Label enter a name such as Atlan.
  5. Change to the SSO tab and enter your Atlan SAML settings:
    1. For IdP Entity ID enter the value you copied from Atlan above.
    2. For SP Entity ID enter the value you copied from Atlan above.
    3. For ACS URL enter the value you copied from Atlan above.
    4. Below Signature Algorithm ensure Sign Assertion is enabled.
  6. Scroll to the bottom of the SSO tab and under User Attribute Mapping click the add attribute button. Define the following mappings from Service Provider Attribute Name on the left to JumpCloud Attribute Name on the right:
    1. email → email
    2. firstName → firstname
    3. lastName → lastname
    4. group → group (you may need to select Custom User or Group Attribute from the JumpCloud Attribute Name drop-down, and then type in group)
    5. username → username
  7. Under the Group Attributes heading, enable the include group attribute box and enter the value memberOf. This is required if you want to retain group membership in Atlan.
  8. Change to the User Groups tab and check the box for each user group you want to be enabled for SSO.
  9. Below the form, click the activate button and when prompted click the continue button.
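
To confirm that the JumpCloud app sends what the steps above configure, the following check (an added example, not Atlan or JumpCloud code) decodes a base64 SAMLResponse from a test login and reports an unsigned assertion, missing mapped attributes, or absent memberOf values. The function names and the sample response are constructed for illustration, and the signature check tests presence only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Service Provider attribute names from the mapping list in step 6.
REQUIRED = ("email", "firstName", "lastName", "username")
GROUP_ATTR = "memberOf"  # value entered under Group Attributes in step 7


def check_saml_response(b64_response):
    """Return a list of problems found in a base64-encoded SAMLResponse."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext saml:Assertion element in the response"]
    problems = []
    # Presence check only: the signature is not verified cryptographically.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is unsigned: check Sign Assertion")
    attrs = {}
    for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [
            v.text for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"missing or empty attribute: {name}")
    if not attrs.get(GROUP_ATTR):
        problems.append(f"no {GROUP_ATTR} values: group mappings cannot apply")
    return problems


def build_sample(signed=True, groups=("Data Engineering",), drop=()):
    """Constructed test input, not a captured JumpCloud response."""
    values = {"email": "a.user@example.com", "firstName": "A",
              "lastName": "User", "username": "auser", GROUP_ATTR: groups}
    attr_xml = ""
    for name, vals in values.items():
        if name in drop or not vals:
            continue
        vals = [vals] if isinstance(vals, str) else vals
        inner = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        attr_xml += f'<saml:Attribute Name="{name}">{inner}</saml:Attribute>'
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    sig = "<ds:Signature/>" if signed else ""
    xml = (f"<samlp:Response {xmlns}><saml:Assertion>{sig}<saml:AttributeStatement>"
           f"{attr_xml}</saml:AttributeStatement></saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()
```

The value to pass in is the SAMLResponse form field that the browser posts to the ACS URL during a test login.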

Download JumpCloud metadata file (in JumpCloud)

To download the JumpCloud metadata file, within JumpCloud Console:

  1. From the SSO app page, click your Atlan SSO application to open it.
  2. Change to the SSO tab and under JumpCloud Metadata click the Export Metadata button.

Upload JumpCloud's metadata file (in Atlan)

To complete the configuration of JumpCloud SSO, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Under Choose SAML provider, select Jumpcloud and then click Configure.
  4. To the right of Identity provider metadata click the Import from XML button.
  5. Select the JumpCloud-saml2-metadata.xml file downloaded from JumpCloud above.
  6. At the bottom of the screen, click Save.

Congratulations — you have successfully set up JumpCloud SSO in Atlan! 🎉

💪 Did you know? By default, users can now log into Atlan with either JumpCloud SSO or a local Atlan account (via email). To only allow logins via SSO, enable the Enforce SSO option in Atlan. Once SSO is enforced, we recommend asking your JumpCloud administrator to provision access to users through JumpCloud and not directly from Atlan. When access has been provided, a user will be able to log into Atlan directly and their profile will be generated automatically.

(Optional) Configure group mappings

🚨 Careful! Before you can configure group mapping, you will first need to create groups in Atlan that correspond to the groups you want to map from JumpCloud to Atlan. In addition, you must configure the memberOf attribute and group mapping to retain group membership in Atlan.

To automatically assign JumpCloud users to Atlan groups based on their JumpCloud groups, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Change to the Groups Mapping tab.
  4. To the right of each Atlan group listed:
    1. Under the SSO Groups column, type the name of the corresponding group in JumpCloud to map to the Atlan group on that row — for example, Data Engineering, Business Analysts, and so on. You will need to provide each JumpCloud group with access to Atlan.
    2. Click the Save button on that row.

As each user signs up to Atlan, they will be automatically assigned groups in Atlan based on these mappings! 🎉

💪 Did you know? Once you've configured group mapping, you can add the mapped groups to a persona or purpose to auto-assign relevant permissions to users as they sign up in Atlan.
