JumpCloud is a Directory-as-a-Service. Zeplin SAML SSO is confirmed to work with JumpCloud.
Before you begin
Generate a public certificate and private key pair, following the instructions on the JumpCloud site. Zeplin recommends using SHA256.
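One way to produce the key pair and check it before uploading anything, as an added example that is not taken from Zeplin's or JumpCloud's documentation. The RSA 2048 key size, the CN, the 1095-day lifetime and the file names are assumptions; use your company's standards where they differ.

```shell
#!/bin/sh
# Added example (not Zeplin's or JumpCloud's own script).
# Assumptions: RSA 2048, the CN, the 1095-day lifetime and the file names.

# Create a private key and a self-signed certificate signed with SHA-256.
gen_idp_pair() {  # usage: gen_idp_pair KEY_OUT CERT_OUT
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 1095 \
        -subj "/CN=jumpcloud-zeplin-idp.example" \
        -keyout "$1" -out "$2" 2>/dev/null || return 1
    chmod 600 "$1"  # private key: readable by its owner only
}

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {  # usage: cert_sig_alg CERT
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed only if the certificate carries the private key's public half.
pair_matches() {  # usage: pair_matches KEY CERT
    openssl pkey -in "$1" -noout 2>/dev/null || return 1   # key must parse
    openssl x509 -in "$2" -noout 2>/dev/null || return 1   # cert must parse
    k=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ]
}

# Refuse the pair unless it is SHA-256 signed and key and certificate match;
# on success print the fingerprint and expiry date for your records.
check_idp_pair() {  # usage: check_idp_pair KEY CERT
    case "$(cert_sig_alg "$2")" in
        sha256*) ;;
        *) echo "certificate is not SHA-256 signed" >&2; return 1 ;;
    esac
    pair_matches "$1" "$2" ||
        { echo "key and certificate do not match" >&2; return 1; }
    openssl x509 -in "$2" -noout -fingerprint -sha256 -enddate
}

# Typical use:
#   gen_idp_pair idp.key idp.crt && check_idp_pair idp.key idp.crt
```

Only the certificate file is pasted into Zeplin's IdP Public Certificate field; the private key is uploaded to JumpCloud's IDP PRIVATE KEY field and nowhere else.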
Configure JumpCloud from the JumpCloud Administrator Console (https://console.jumpcloud.com). Make sure you select the Administrator login screen, which is chosen by the toggle at the top left of the Sign in screen.
Log in to Zeplin (https://app.zeplin.io) as an Owner/Administrator for your Zeplin Organization.
Select Applications in the main navigation panel.
Click the “+” button to create a new Application, and click the “configure” button next to the SAML logo, which is usually the first template option in the list.
Choose and enter a unique IDP ENTITY ID according to your company’s standards
Upload the private key and the public certificate you generated into the JumpCloud fields IDP PRIVATE KEY and IDP CERTIFICATE
Under USER ATTRIBUTES, click [ + add attribute ] to add a new attribute:
- Name: email
- Value: email
Choose and complete the IDP URL according to your company’s standards.
Don’t click on activate just yet.
From the Organization Dashboard, click the settings button on the top right to access Settings, and select the AUTHENTICATION tab.
In the SAML 2.0 section, click on the “Enable” button
In the Zeplin popup:
- Copy the full string from the JumpCloud field IDP URL into the Zeplin field IdP SAML 2.0 Endpoint
- Copy the string from the JumpCloud field IDP ENTITY ID into the Zeplin field IDP Issuer
- Copy the contents of the JumpCloud public certificate file you generated into the Zeplin field IdP Public Certificate
Click on the “Enable” button
Click on “Download SAML 2.0 metadata”.
Back in JumpCloud:
Upload the metadata file just downloaded from Zeplin into the JumpCloud field Service Provider Metadata
Click on the “activate” button
Confirm everything works!
Go to the Zeplin login page, and click the link that says Login with SSO (or go directly to https://app.zeplin.io/login/sso). Enter the email address of an existing Zeplin user. You should be redirected to your Ping IdP to authenticate, then back to that user's Project page.
Your company's identity management policies may require you to first assign this application to your users. Usually, this is via an existing JumpCloud user group that will need to be assigned to the Application. Click on Groups from the main menu, and view a group's Applications. Select the appropriate group, and assign the Zeplin application and specific users if required.
Extra information for JumpCloud users
Once you have confirmed that users can log in with SAML, you can restrict login to SAML only for all users by selecting this option from the AUTHENTICATION tab in Zeplin. For safety, the Owner will still be able to log in using their username/password after this option is set.
JumpCloud does not send the session duration value in its SAML assertion. Zeplin will expire and attempt session re-authentication at the duration chosen in the Zeplin setting Session Timeout, on the AUTHENTICATION tab in Zeplin’s Organization settings. The default value is to never log out the user.
JumpCloud can sign either the Assertion or Response. Zeplin will enforce a valid signature against the JumpCloud-generated IdP Public Certificate.
JumpCloud does not support encrypted Assertions. Zeplin will accept unencrypted assertions.