Our SAML 2.0 integration will allow employees from your organization to log in to EasyLlama without using passwords. This integration is available for Premium Plan subscribers only.
We support the following roles:
- EasyLlama admin
- EasyLlama learner
Users in either role must already need to be present in your EasyLlama account in order to be able to use the SAML 2.0 login. This article only covers login capability. Advanced features such as user attribute syncing and SAML user provisioning are not included.
Supported Features
The JumpCloud/EasyLlama SAML integration currently supports the following features:
- IdP-initiated SSO
Create a new JumpCloud app
- Go to USER AUTHENTICATION > SSO Applications in the left side panel
- Add New Application
- Custom Application
- Next
- Manage Single Sign-On (SSO)
- Select Configure SSO with SAML
- Next
- Provide a Display Label e.g. EasyLlama SSO
- Save Application
- Configure Application
Configure JumpCloud SSO
Set up the SAML 2.0 settings between JumpCloud and EasyLlama in the SSO tab:
-
- IdP Entity ID
- Scroll down to the automatically populated IDP URL. Copy this value. Paste it into the IdP Entity ID text box. Add
/saml2
to the end of the URL. e.g.https://sso.jumpcloud.com/saml2/easyllamasso/saml2
- Scroll down to the automatically populated IDP URL. Copy this value. Paste it into the IdP Entity ID text box. Add
- SP Entity ID
- In EasyLlama Settings > Authentication > SAML Authentication Settings, copy the company reply URL. Paste it into the SP Entity ID text box.
- ACS URLs
- https://dashboard.easyllama.com/users/saml/callback
- SAMLSubject NameID
- SAMLSubject NameID Format
- Select the email address format option: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Attributes
- add attribute under User Attributes (not Constant Attributes)
- Service Provider Attribute Name: emailaddress
- JumpCloud Attribute Name: email
- add attribute under User Attributes (not Constant Attributes)
- IdP Entity ID
Assign Application to User Groups
Select the user groups that the application will be available to, e.g. All Users
Save Application Settings
Click Save
Configure EasyLlama to Connect with JumpCloud
- Go to EasyLlama > Settings > Authentication > SAML Authentication Settings
- Identity Provider Single Sign-On URL
- Copy and paste the IDP URL from JumpCloud
- Identity Provider Issuer
- Copy and paste the IdP Entity ID from JumpCloud
- Provision users automatically when they sign in
- Do not enable this feature. It is not currently supported for JumpCloud.
- X 509 certificate
- In JumpCloud, expand the IDP Certificate Valid dropdown on the left side of the application window. Click Download Certificate.
- In EasyLlama, click Choose File. You may need to change the file search from .cer or .cert files, to include the .pem file downloaded from JumpCloud. Select the certificate downloaded from JumpCloud.
- Save
- Identity Provider Single Sign-On URL
Add JumpCloud users
- Go to USER MANAGEMENT > Users in the left side panel
- Add users with your desired method.
- Add the users in the user group that the JumpCloud Application is assigned to.
Note, users' email in JumpCloud (the Company Email field in JumpCloud) must match the EasyLlama user's email.
Congratulations, your JumpCloud SAML integration is now ready to be used!
Test your SAML login
- Create a test user in JumpCloud.
- Go to USER MANAGEMENT > Users in the left side panel.
- Click the + icon to add users
- Manual User Entry
- Populate the required fields.
- Company Email: You can append
+<text>
to your email address to receive the emails to your inbox while also having a unique testing email address. E.g. if your base email is: address@example.com, your test email can be address+jumpcloudeasyllama@example.com
- Company Email: You can append
- Add the user to the User Group that the Application is assigned to
- Save User
- Activate Now
- Save
- Create the test user in EasyLlama. See these articles for more details:
- Add Learner: https://help.easyllama.com/1q2mc00mfh-adding-employees
- Delete Learner: https://help.easyllama.com/0qfxi63f3z-archive-unarchive
- Add/Remove Admin: https://help.easyllama.com/89rs0gky1f-add-additional-dashboard-admins
- Login as the test user and launch EasyLlama SSO Application
- Open your email, and find the Welcome to JumpCloud... email
- Click Set Up Account
- Set a password
- Click Register
- Log in as the test user in JumpCloud
- Launch the EasyLlama JumpCloud Application
- You should be redirected to your EasyLlama dashboard!