Integrations
      Back to home
      1. EasyLlama Help Center
      2. Integrations

      SAML 2.0 with JumpCloud - Manual Configuration Guide

      Our SAML 2.0 integration will allow employees from your organization to log in to EasyLlama without using passwords. This integration is available for Premium Plan subscribers only.

      We support the following roles:

      - EasyLlama admin

      - EasyLlama learner

      Users in either role must already need to be present in your EasyLlama account in order to be able to use the SAML 2.0 login. This article only covers login capability. Advanced features such as user attribute syncing and SAML user provisioning are not included. 

      Supported Features

      The JumpCloud/EasyLlama SAML integration currently supports the following features:

      • IdP-initiated SSO

      Create a new JumpCloud app

      1. Go to USER AUTHENTICATION > SSO Applications in the left side panel
      2. Add New Application 
      3. Custom Application 
      4. Next 
      5. Manage Single Sign-On (SSO)
        1. Select Configure SSO with SAML
      6. Next 
      7. Provide a Display Label e.g. EasyLlama SSO
      8. Save Application
      9. Configure Application

      Configure JumpCloud SSO


      Set up the SAML 2.0 settings between JumpCloud and EasyLlama in the SSO tab:  
        • IdP Entity ID
          • Scroll down to the automatically populated IDP URL. Copy this value. Paste it into the IdP Entity ID text box. Add /saml2 to the end of the URL. e.g. https://sso.jumpcloud.com/saml2/easyllamasso/saml2
        • SP Entity ID
          • In EasyLlama Settings > Authentication > SAML Authentication Settings, copy the company reply URL. Paste it into the SP Entity ID text box. 
        • ACS URLs
          • https://dashboard.easyllama.com/users/saml/callback
        • SAMLSubject NameID
          • email
        • SAMLSubject NameID Format
          • Select the email address format option: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
        • Attributes
          • add attribute under User Attributes (not Constant Attributes)
            • Service Provider Attribute Name: emailaddress
            • JumpCloud Attribute Name: email

      Assign Application to User Groups

      Select the user groups that the application will be available to, e.g. All Users

      Save Application Settings


      Click Save

      Configure EasyLlama to Connect with JumpCloud

      1. Go to EasyLlama > Settings > Authentication > SAML Authentication Settings
        • Identity Provider Single Sign-On URL
          • Copy and paste the IDP URL from JumpCloud
        • Identity Provider Issuer
          • Copy and paste the IdP Entity ID from JumpCloud
        • Provision users automatically when they sign in
          • Do not enable this feature. It is not currently supported for JumpCloud.
        • X 509 certificate 
          • In JumpCloud, expand the IDP Certificate Valid dropdown on the left side of the application window. Click Download Certificate
          • In EasyLlama, click Choose File. You may need to change the file search from .cer or .cert files, to include the .pem file downloaded from JumpCloud. Select the certificate downloaded from JumpCloud. 
        • Save

      Add JumpCloud users

      1. Go to USER MANAGEMENT > Users in the left side panel 
      2. Add users with your desired method. 
      3. Add the users in the user group that the JumpCloud Application is assigned to.

      Note, users' email in JumpCloud (the Company Email field in JumpCloud) must match the EasyLlama user's email. 

      Congratulations, your JumpCloud SAML integration is now ready to be used!

      Test your SAML login

      1. Create a test user in JumpCloud.
        1. Go to USER MANAGEMENT > Users in the left side panel. 
        2. Click the + icon to add users 
        3. Manual User Entry
        4. Populate the required fields. 
          1. Company Email: You can append +<text> to your email address to receive the emails to your inbox while also having a unique testing email address. E.g. if your base email is: address@example.com, your test email can be address+jumpcloudeasyllama@example.com 
        5. Add the user to the User Group that the Application is assigned to 
        6. Save User 
        7. Activate Now
        8. Save
      2. Create the test user in EasyLlama. See these articles for more details: 
        • Add Learner: https://help.easyllama.com/1q2mc00mfh-adding-employees 
        • Delete Learner: https://help.easyllama.com/0qfxi63f3z-archive-unarchive 
        • Add/Remove Admin: https://help.easyllama.com/89rs0gky1f-add-additional-dashboard-admins 
      3. Login as the test user and launch EasyLlama SSO Application
        1. Open your email, and find the Welcome to JumpCloud... email 
        2. Click Set Up Account 
        3. Set a password 
        4. Click Register
        5. Log in as the test user in JumpCloud
        6. Launch the EasyLlama JumpCloud Application 
        7. You should be redirected to your EasyLlama dashboard!