Subscribe to Support RSS FeedThe Bob integration automates user provisioning and user updates from Bob to JumpCloud. This removes the manual processes and workflows between HR and IT related to new hire and employee/contractor change notifications. You can also use JumpCloud SAML Single Sign On (SSO) to give your users convenient but secure access to Bob using their JumpCloud credentials.
Read this article to learn how to configure the Bob Integration.
Prerequisites
- Administrator account in Bob.
- A JumpCloud administrator account.
- A JumpCloud API key to connect Bob and JumpCloud.
- If you will be configuring SSO, request your company ID from HiBob support.
Important Considerations
- We recommend creating a separate JumpCloud administrator account to generate the JumpCloud API key for this integration.
- We recommend setting your user state default to Staged to make it easier to identify users who have been imported and to complete the onboarding process without granting access. You can learn more about the Staged user state at Manage User States.
- By default, Bob employee active/inactive status will be synced to JumpCloud. If you’d like to change from the default behavior, please contact HiBob’s support team.
- Bob users created before the JumpCloud integration will be synchronized in JumpCloud once one of the mapped properties is updated for those users in Bob.
- Bob users not in JumpCloud will be created.
- Bob users who have already been created in JumpCloud will be updated.
- You can request HiBob’s support team to trigger an all employees’ synchronization to JumpCloud.
- The Bob integration is managed and supported by the HiBob team. Please contact the HiBob support team first if you encounter issues with the integration.
- We recommend that you do not set a default password in Bob. Setting a default password prevents you from being able to send a welcome email allowing the user to set their own password. You can set one later in JumpCloud if needed.
Configuring the Identity Management Integration
To get your JumpCloud API Key
- Log in to the JumpCloud Administrator Portal with the administrator account you want to use to generate the API key for this integration: https://console.jumpcloud.com.
- Click your initials in the top right corner.
- Select My API Key.
- Copy the API Key and store it in a safe place, like a Password Manager.
To configure the JumpCloud default user state
Tip:
Review Manage User States for more information.
- Log in to the JumpCloud Administrator Portal: https://console.jumpcloud.com.
- Navigate to Users > Settings.
- Set Manual / Single User API and CSV Import / Bulk User API Import values to the default user state you prefer for users created by the integration
- Click Save.
To configure the JumpCloud integration in Bob
Tip:
Review Bob's JumpCloud integration for more information.
- Login to Bob with an administrator account at: https://app.hibob.com/login/.
- From the left menu, select Settings > Integrations.
- In the Provisioning category, select the JumpCloud thumbnail.
- Enter your JumpCloud API token.
- Click SAVE.
- Choose the appropriate activation mode. The options are:
- Use Bob employee status: If the Bob employee is active, the newly created JumpCloud user will also be active or staged based on the default user state configured in your JumpCloud organization settings. If the Bob employee is inactive, the newly created JumpCloud user will be in the suspended user state.
- Always Activate: All created JumpCloud users will be active or staged based on the default user state configured in your JumpCloud organization settings
- Choose if you want to set a default password. The setting can be found in the Advanced section.
- The Bob default mappings will be used for syncing users. The default mapping is outlined in the table below.
Bob User Attributes
| Bob Field Name | JumpCloud Attribute | JumpCloud UI Field Name | Notes |
|---|---|---|---|
| username | Username | The Bob employee email will be sanitized to obtain a valid username value. | |
| First name | firstname | First Name | |
| Surname | lastname | Last Name | |
| Middle name | middlename | Middle Name | |
| Display name | displayname | Display Name | |
| Work phone | phonenumbers[{type:work}] | Work Phone | |
| Work mobile | phonenumbers[{type:cell}] | Work Cell | |
| Title | jobTitle | Job Title | |
| Department | department | Department | |
| Employee ID | employeeIdentifier | Employee ID | |
| Site | location | Location | |
| Employment type | employeeType | Employee Type | |
| Employee status | state | User state | This is a calculated field. For new active users, the user state will be set based on the JumpCloud organization setting. |
Importing Users
This functionality is helpful if users have already been created in the application but have not been created in JumpCloud.
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO Applications.
- Search for the application and click to open its configuration panel.
- Select the Identity Management tab.
- Click manual import.
- Select the users you want to create in JumpCloud from the application from the list of users that appear. Users in the list have two import statuses:
- New – The user has not been imported.
- Imported – user has been imported and has an account in JumpCloud.
Tip: Try using the New Users-only filter when selecting users to import. This will move all of your new users to the top of the list, making them easier to identify and select.
- Click import.
- If you are importing less than 100 users, your import results will display in real time and you can continue onboarding your users.
- If you have more than 100 users being imported, JumpCloud will send you an email when your import is complete.
- You can now connect and grant users access to all their JumpCloud resources. Learn more in the Authorize Users to an Application and Connecting Users to Resources articles.
Warning: Imported users must be members of a user group bound to an application for JumpCloud to manage their identity in, and access to, the application.
Configuring the SSO Integration
To configure JumpCloud SSO:
Important:
Read the SAML Configuration Notes KB before you start configuring the connector.
- Log in to the JumpCloud Admin Portal at https://console.jumpcloud.com.
- Go to USER AUTHENTICATION > SSO.
- Click + Add New Application, search for the application and click configure.
- In the General Info tab, enter a name for the app in the Display Label field, (e.g., Bob).
- Click activate then continue.
- Search for and select the application in the Configured Applications list, select it and then select the SSO tab.
- In the ACS URLs section, replace “YOUR_ID” with your company ID provided by HiBob support. https://app.hibob.com/api/saml/callback?client_name=samlYOUR_ID (e.g., https://app.hibob.com/api/saml/callback?client_name=saml9827983742).
- Make sure that Declare Redirect Endpoint is checked.
- In the field terminating the IdP URL field, either leave the default value or enter a plaintext string unique to this connector.
- Select save.
- Open the Bob app you just activated and click the SSO tab.
- Click Export Metadata.
To configure Bob SSO
- Provide HiBob support the exported Metadata file to setup SSO on the HiBob side.
Authorizing User SSO Access
Users are implicitly denied access to applications. After you connect an application to JumpCloud, you need to authorize user access to that application. You can authorize user access from the Application Configuration panel or from the Groups Configuration panel.
To authorize user access from the Application Configuration panel
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO Applications, then select the application to which you want to authorize user access.
- Select the User Groups tab. If you need to create a new group of users, see Get Started: Groups.
- Select the check box next to the group of users you want to give access.
- Click save.
To learn how to authorize user access from the Groups Configuration panel, see Authorize Users to an SSO Application.
Validating SSO authentication workflow(s)
IdP Initiated
- Access the JumpCloud User Console.
- Select the Service Provider icon.
- This should automatically launch and login to the application.
SP Initiated
- Navigate to your Service Provider application URL.
- You will be redirected to log in to the JumpCloud User Portal.
- The browser will be redirected back to the application and be automatically logged in.
Removing the Integration
To deactivate the IdM Integration
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO Applications.
- Search for the application that you’d like to deactivate and click to open its details panel.
- Under the company name and logo on the left hand panel, click the Deactivate IdM connection link.
- Click confirm.
- If successful, you will receive a confirmation message.
To deactivate the SSO Integration
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO Applications.
- Search for the application that you’d like to deactivate and click to open its details panel.
- Select the SSO tab.
- Scroll to the bottom of the configuration.
- Click Deactivate SSO.
- Click save.
- If successful, you will receive a confirmation message.
To delete the application
- Log in to the JumpCloud Admin Portal.
- Go to USER AUTHENTICATION > SSO Applications.
- Search for the application that you’d like to delete and click to open its details panel.
- Check the box for the application.
- Click Delete.
- Enter the number of the applications you are deleting
- Click Delete Application.
- If successful, you will see an application deletion confirmation notification.
In this Article