# Single Sign-On (SSO) with JumpCloud

Single Sign-On (SSO) with JumpCloud streamlines the authentication process, providing a secure and efficient way for users to access Decube without the need for separate login credentials. By integrating JumpCloud SSO, you can enhance security, simplify user management, and improve the overall user experience.

### Benefits

* **Enhanced Security**: Centralised authentication reduces the risk of password-related breaches.
* **Simplified User Management**: Manage user access and permissions from a single JumpCloud console.
* **Improved User Experience**: Users can log in to Decube using their existing JumpCloud credentials.

### Prerequisites

Before you begin, ensure you have the following:

* A JumpCloud account with administrative privileges.
* Able to login to JumpCloud Admin Portal.
* Decube user with admin privileges.

### Steps to Connect JumpCloud to Decube

#### [1. Creating a Custom Application on JumpCloud Admin Portal.](#creating-a-custom-application-on-jumpcloud-admin-portal)

#### [2. Copy Metadata URL from JumpCloud Admin.](#copy-metadata-url-from-jumpcloud-admin-portal)

#### [3. Upload Service Provider Metadata (Decube) to JumpCloud.](#upload-service-provider-metadata-decube-to-jumpcloud)

#### [4. Save and Activate JumpCloud SSO on Decube.](#save-and-activate-jumpcloud-sso-on-decube)

## Creating a Custom Application On JumpCloud Admin Portal

{% hint style="info" %}
You may skip this section if you have a SSO Application configured on JumpCloud Admin Portal.
{% endhint %}

1. Navigate to JumpCloud Admin Portal and login using your credentials.

<figure><img src="/files/yTAy1HlyPXXCbWcxRSdf" alt=""><figcaption></figcaption></figure>

2. Under "`User Authentication`" navigate to "`SSO Applications`".

<figure><img src="/files/qTzTlHIVDVJQckDAWjMu" alt=""><figcaption></figcaption></figure>

3. Select "`+ Add New Applications`".

<figure><img src="/files/tibcOmNQ6I7nLFiC41ec" alt=""><figcaption></figcaption></figure>

4. Upon clicking on "`+ Add New Applications`", choose "`Custom Application`" as an application you would like to integrate.

<figure><img src="/files/pM5Q4Qo0FdjIkawWlS67" alt=""><figcaption></figcaption></figure>

5. Upon selecting on "`Custom Application`", user will be prompted to the next step, select "`Next`" to continue.

<figure><img src="/files/BhceTPovzolAi7tMCPCx" alt=""><figcaption></figcaption></figure>

6. On the list of features you would like to enable , check "`Manage Single Sign On (SSO)`". Select "`Next`" to continue the process.

{% hint style="info" %}
NOTE: Ensure that "Configure SSO with SAML" is selected.
{% endhint %}

<figure><img src="/files/npwVAXl9GV224FCathX4" alt=""><figcaption></figcaption></figure>

7. Provide your application a Display label, logo (optional) and description, click on "`Save Application`" to complete the process.

<figure><img src="/files/WjCIV3i6LFMJgSLKhz33" alt=""><figcaption></figcaption></figure>

## Copy Metadata URL from JumpCloud Admin Portal.

1. To Copy Metadata URL from JumpCloud Admin Portal, navigate to your newly created Applications under the SSO tab.

<figure><img src="/files/DxgiIhPtcsWJPaY5FMnp" alt=""><figcaption></figcaption></figure>

2. Go to the "SSO" tab, scroll down, and make sure the `SAMLSubject NameID Format` is set to `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`

<figure><img src="/files/szKuqZnoebCeJRVSCvCo" alt=""><figcaption></figcaption></figure>

2. Scroll up and select "`Copy Metadata URL`".

<figure><img src="/files/g2thbRwZIy2PaMgOMJ49" alt=""><figcaption></figcaption></figure>

3. Paste the previously copied Metadata URL into the field in `Step 2` to begin importing the JumpCloud Metadata. Then, select "`Fetch Metadata`" to verify the validity of the copied URL.

<figure><img src="/files/Vxn3VNdp77e5btbQPwBn" alt=""><figcaption></figcaption></figure>

## Upload Service Provider Metadata (Decube) To Jumpcloud.

1. After fetching the metadata from JumpCloud, download Decube's SP (Service Provider) metadata by clicking on the "`Download XML`" Option.

<figure><img src="/files/N8ji1ENyS7cqKewisbGM" alt=""><figcaption></figcaption></figure>

2. Once Decube's SP Metadata has been downloaded, return to the JumpCloud Admin Portal. In the Single Sign-On Configuration section, upload Decube's SP Metadata by choosing the "`Upload Metadata`" option.

Click on "`Save`" to save your JumpCloud SSO Configuration.

<figure><img src="/files/MnMiO4gDCGlygPvrU84F" alt=""><figcaption></figcaption></figure>

## Save and Activate JumpCloud SSO on Decube

1. After all the above steps is completed, navigate back to Decube and you may activate and enable JumpCloud SSO for our organisation by clicking on "`Verify and Save`".\\

<figure><img src="/files/yN7OSLS6G5RYx6J3xK0V" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.decube.io/org-settings/sso-jumpcloud.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.