By Greg Keller Posted December 11, 2014
Introducing SaaS Application Single Sign-On
When we set out to build Directory-as-a-Service, we had a fairly targeted goal: “Connect employees with the IT resources they need, when they need it.” We began with the core, user management, and with simplifying the provisioning and management of users on devices running Mac OS X, Linux and Windows (see more on Windows below!). Then, with the release of our LDAP service, we broadened the types of IT resources that could use DaaS as their authentication mechanism: hosts and applications like Confluence can now use the standard LDAP protocol, with JumpCloud acting as the LDAP endpoint and source of truth for users. Today, we are happy to announce yet another way for DaaS to serve as your central authoritative source of users and give them access to even more resources: SAML-based Single Sign-On to industry-leading SaaS applications.
Using JumpCloud’s SAML-based Single Sign-On
JumpCloud’s single sign-on (SSO) implementation enables employees of your organization to access industry-leading SaaS applications with one click, leveraging their identities managed within JumpCloud’s directory. In this initial release, both G Suite™ and Salesforce are supported. A roadmap of additional Service Providers is available from your Account Representative.
JumpCloud’s SSO support is underpinned by the open SAML 2.0 protocol. Administrators who have integrated applications via SAML will find JumpCloud’s configuration screens and setup straightforward. The Admin configures the Service Provider (SP) so that JumpCloud acts as the Identity Provider (IdP) for single sign-on. Please see these articles in our knowledge base for a step-by-step walkthrough on setting up integrations for the various SPs supported by JumpCloud. The SP configuration screens are accessed in the new ‘Applications’ tab located in the side navigation tree.
With the integration between JumpCloud and the SP established, employees have multiple options to access applications with one click:
- Service Provider-Initiated: Employees can visit a service provider’s URL directly (e.g., https://mail.google.com/a/mycompanydomain.com or mycompanydomain.salesforce.com) for any activated services. The SP’s URL can also be launched directly in a user’s browser, or from hyperlinks on webpages or links embedded in emails, and will trigger JumpCloud’s one-click sign-on.
- Identity Provider-Initiated (COMING SOON): Employees will also be able to launch a SaaS application from JumpCloud’s system user console (the ‘employee console’). The system user console provides launch points for each SaaS application supported by JumpCloud and activated by an Administrator.
Integrating SAML and Service Providers
Our Knowledge Base has been updated to provide detailed documentation for Administrators to integrate JumpCloud with our supported Service Providers. Please follow the links below for the integration steps.
- Instructions on integrating Salesforce with JumpCloud can be found here.
- Instructions on integrating Google Apps with JumpCloud can be found here.
What Else is New in JumpCloud? – Windows Agent Upgrade
The JumpCloud Windows agent has been upgraded to provide deeper functionality along with overall performance and stability improvements. This release introduces a number of advancements that enable JumpCloud to better control local user accounts, spanning User, Remote Desktop and Administrator accounts. We have also upgraded support for detection of AD servers and clients to better support JumpCloud’s AD Integration capabilities (see Identity Sources). Finally, the agent itself has been upgraded to reduce both its memory use and disk footprint. The agent can be accessed within the Systems > Add System UI.
Supported Windows Clients:
- Windows 7
- Windows 8
- Windows Server 2008
- Windows Server 2012