Note: This blog from 2015 is not up-to-date. Please visit our Help Center for JumpCloud’s current documentation.
OneLogin’s Single Sign On service provides companies with the capability to provide a unified set of credentials to leading SaaS-applications. The product provides the ability to consume identity from master directories such as LDAP or Microsoft’s Active Directory®. In this brief article, we’ll show you the simple step-by-step instructions to integrate OneLogin through JumpCloud’s LDAP Service.
Initial set-up: Preparing JumpCloud as the LDAP directory
Before OneLogin can be integrated with JumpCloud to access the user identities managed in its cloud-based directory, the following steps need to be completed to ensure OneLogin can communicate effectively via ldapsearch.
1) Turn the LDAP Service ‘On’
In JumpCloud’s ‘Settings’ enable the LDAP service…
Once enabled. JumpCloud will unveil certain customer-specific data, aspects of which will be required in setting up ldapsearch in the steps below…
2) Create an LDAP Service User Account
When utilizing LDAP, JumpCloud recommends the use of a binding user service account. This user will act as a true service account, enabling ldap to search the user directory as the Bind DN. To create this user:
- Go to Users and ‘Add User’
- Fill in the properties of this service account in the manner you wish. An example is below.
- Most critically, ensure ‘LDAP binding user service account’ is enabled.
- Enter a password for the service account to ensure the account is ‘verified’ and active.
With the LDAP Service Account User Created, it’s time to configure OneLogin to communicate with JumpCloud’s directory.
3) Configuring OneLogin to Consume Identities from JumpCloud (through LDAP)
Logged in as a OneLogin administrator, select Users>Directories> Add a New Directory from the main/top level menu. Once selected choose LDAP VIA SSL:
Once selected, you will be presented with a straightforward configuration screen where you will input the following LDAP parameters to connect to JumpCloud via its LDAP Service:
Please note that this article on Configuring LDAP with Applications will help with a greater understanding of JumpCloud’s binding needs. Read Before Continuing:
- Enable LDAP As your user directory CHECK TRUE
- Connect using SSL: CHECK TRUE
- LDAP server hostname: ldap.jumpcloud.com Port: 636
- Base DN: ou=Users,o=<YOUR ORG ID>,dc=jumpcloud,dc=com
- First Name Attribute: givenName
- Last Name Attribute: sn
- Bind DN: uid=<YOUR LDAP BIND USER>,ou=Users,o=<YOUR ORG ID>,dc=jumpcloud,dc=com
- Password: This is the password for your LDAP BIND USER above
- LDAP user Password: This is the (same) password for your LDAP BIND USER above
- Enable Mappings: CHECK TRUE
- Automatically Create Users: Check True (and configure as you wish for OneLogin needs)
- The remaining fields can be left blank.
See below for this screen as configured for use with JumpCloud’s LDAP service using the parameters above:
For more information on JumpCloud’s LDAP Service, please review these Knowledge base articles or feel free to contact JumpCloud Technical Support for assistance.