Contact Us
Help Center Home > Apps and Integrations > Integrate with GoLinks

Integrate with GoLinks

Give users access to GoLinks with a Bookmark Application connector. Automatically provision, update and deprovision users in GoLinks from JumpCloud using the SCIM integration. Leverage this integration to centralize user lifecycle, user identity, and group management in JumpCloud for GoLinks. Save time and avoid mistakes, as well as potential security risks, related to manually creating users.

Read this article to learn how to setup the GoLinks integration.

Prerequisites

  • A JumpCloud Administrator account
  • JumpCloud SSO Package or higher or SSO add-on feature
  • A GoLinks user account with administrator permissions
  • SAML is required to set up SCIM
  • Contact the GoLinks Support team:
    • Request SAML 2.0 be enabled for your account
    • Obtain the Application URL
    • Request a SCIM API token

Important Considerations

  • Deleting a user will only deactivate the user from GoLinks
  • The following provisioning features are supported by GoLinks:
    • Create users
    • Update users
    • Deactivate users
  • Groups are not supported

Attribute Considerations

  • A default set of attributes are managed for users. See the Attribute Mappings section for more details

Creating a new JumpCloud Application Integration

  1. Log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See JumpCloud Data Centers for the URLs, FQDNs, and IP addresses.

  1. Go to Access SSO Applications.
  2. Click + Add New Application.
  3. You can also enter the name of the application in the Search field and select it.
  4. You can either select an application from the available list or select Custom Application, and click Next.
  5. Select the required options from the Select Options page and click Next. The Enter General Info page is displayed.
  6. On the Enter General Info page, you can customize the display label, description and how the application displays:
    • Description - add a description that users will see in their user portal
    • User Portal Image - choose Logo or Color Indicator
    • Show in User Portal - select to ensure the app is visible in the user portal
  7. Optionally, expand the Advanced Settings section and customize the IdP URL:
    • Enter a custom value to replace the default application name in the SSO IdP URL endpoint ( https://sso.jumpcloud.com/saml2/{custom_value})

Warning:

The SSO IdP URL is not editable after the application is created. If you need to change this URL later, you must delete and recreate the connector.

  1. Click Save Application.
  2. Next, click:
    • Configure Application and go to the next section
    • Close to configure your new application at a later time

Tip:

Users are implicitly denied access to applications. See Authorize Users to an SSO Application.

Configuring the SSO Integration

  1. Contact the GoLinks Support team.
    • Request SAML 2.0 be enabled for your account
    • Obtain the Bookmark Application URL

Note:

If you do not want users to use SSO, deselect Show this application in User Portal on the General Info tab.

Configuring the SCIM Integration

To configure GoLinks

  1. On the GoLinks application, navigate to Provisioning > Settings > Integration.
  2. Click the Configure API Integration button.
  3. Check the Enable API Integration checkbox.
  4. In the API Token field, enter the SCIM API token received from GoLinks Support.
  5. Click Test API Credentials.
  6. If checked, uncheck the Importing Groups checkbox.
  7. Click Save.

To navigate to your JumpCloud SCIM connector

  1. Log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See JumpCloud Data Centers for the URLs, FQDNs, and IP addresses.

  1. Go to Access > SSO Applications.
  2. Create a new application or select it from the Configured Applications list.
  3. Select the Provisioning tab.

To configure JumpCloud

  1. Click Configure.
  2. In the Token Key: field, paste the SCIM token you received from GoLinks Support.
  3. Review and edit any user attribute mappings.
  4. Click Activate.

To update your JumpCloud SCIM token

  1. After generating a new token in your SP, log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See JumpCloud Data Centers for the URLs, FQDNs, and IP addresses.

  1. Go to Access > SSO Applications.
  2. Search for the application and click to open its configuration panel. 
  3. Select the Provisioning tab.
  4. Expand the Configuration Settings section.
  5. In the Token Key field, paste your updated token.

Note:
  • This may also be called API Key, Client Secret or Bearer Token.
  • If present, you do not need to update the Client ID.
  1. Click Update.

Warning:

Clicking Save will not update your token. You must click Update.

  1. You will get a message saying your SCIM integration has been successfully verified.

Attribute Mappings

The Export Attributes Mapping table lists the Required and Optional Mappings that JumpCloud sends to the Service Provider. See Attribute Considerations for more information regarding attribute mapping considerations. 

Learn about JumpCloud Properties and how they work with system users in our API

Modifying User Attributes

To add user attributes

  1. From your connector’s configuration page, select the Provisioning tab.
  2. Expand the Export Attribute Mapping section and click Edit. The Optional Mappings table will open.
  3. Scroll to the bottom of the table and click +Add Attribute.
  4. Select one of the mapping types:
    • Direct Mapping (JSON Path) - send the value from a user attribute in JumpCloud directly to an attribute in the service provider
      • From the JumpCloud Attribute dropdown, select the desired attribute
        • If you choose “Custom User Attribute” you must type the name of the attribute exactly as it on the user details page. To see the dropdown again, you must delete the attribute and add a new attribute
      • From the SCIM Attribute dropdown, select the corresponding (destination) attribute
    • Expression - transform or combine multiple user attributes into a single, custom value before sending it to the service provider
      • Enter the expression in the JumpCloud Attribute field
      • From the SCIM Attribute dropdown, select the corresponding (destination) attribute
    • Constant - send a fixed, predefined value—like a specific company name —for every user to the service provider
      • This is a free text field with no validation, e.g., the attribute must match exactly, including case, to the corresponding attribute in the user record. Once the custom attribute is added, you must delete it and readd a new custom attribute to see the dropdown again.
  5. Repeat these steps for additional attributes.
  6. Click Preview Mappings to review the User Schema.
    • If you do not select a specific user from the Preview Filter dropdown, the schema will default to the first user.
  1. Click Update.

Warning:

Updates to the user schema will not dynamically sync. To force a sync, you must modify the user group’s record in some way, like adding a space to the Description field.

To modify existing user attributes

This enhancement gives you complete control over the user attributes sent from JumpCloud to this application. You can now:

  • Fully control mappings - define which JumpCloud attribute or source data corresponds to an attribute in the SP's SCIM schema
  • Use a variety of source values - map data from the user's standard attributes, Manager field, custom attributes, or other data sources
  • Manipulate data with expressions - transform data, such as preferred first names and date format, using expressions before transmission to the SP. Learn more
  • Preview changes - review your new mappings to ensure accuracy before you save
  1. From your connector’s configuration page, select the Provisioning tab.
  2. Expand the Export Attribute Mapping section and click Edit.
  3. For the type of attribute you would like to modify:
    • Direct - select the new attribute from the dropdown(s)
    • Expression - click in the Expression field and make the desired edits. If necessary, select the new attribute from the SCIM Attribute dropdown
    • Custom - delete the existing values in either or both of the attribute fields and enter the new values
  4. Click Preview Mappings to review the updated User Schema.
  5. Click Update.

Warning:

Updates to the user schema will not dynamically sync. To force a sync, you must modify the user group’s record in some way, like adding a space to the Description field.

Deleting user attributes

Important:

It's highly recommended you use all optional mappings. This creates a more complete user profile, enabling better automation and more accurate access management within the application.

  1. From your connector’s configuration page, select the Provisioning tab.
  2. In the Export Attribute Mapping section, click Edit. The Optional Mappings table will open.
  3. Click Delete (Delete icon) to remove any optional attributes.
  1. When finished, click Update.

Note:

Attributes that were initially included and populated in the user record and then deleted at a later time will not be modified or removed from the user record.

Restoring default user attributes

  1. From your connector’s configuration page, select the Provisioning tab.
  2. In the Export Attribute Mapping section, click Edit. The Optional Mappings table will open.
  3. Scroll to the bottom of the table and select Restore Defaults.
  4. Click Update and then click Save.

JumpCloud EXPR Functions

Function Name Function  What it does Parameters Examples
nullOrEmpty nullOrEmpty(value) Checks if a piece of information is completely missing (null) or if it's just empty text (a blank space). If the information is a number or a list, it is considered not empty. value: The piece of user information you want to check (e.g., an ID or email address). nullOrEmpty(providerUser.externalId) ? providerUser.externalId : jcUser.id nullOrEmpty(jcUser.email) ? "unknown@example.com" : jcUser.email
notNullOrEmpty notNullOrEmpty(value) Checks if the information actually exists and has content. For text, it must have at least one character. For a list, it must have at least one item. value: The user data you are checking to ensure it exists before you use it. notNullOrEmpty(jcUser.email) ? jcUser.email : providerUser.userName
toScimPhoneNumbers toScimPhoneNumbers(phoneNumber) Turns a single JumpCloud phone number (like the digits and type) into the list format that SCIM needs. It sets the type as "work" and "primary." If there is no phone data, it returns an empty list. phoneNumber: A block of data that holds the phone number digits and, optionally, the type (e.g., "work" or "mobile"). toScimPhoneNumbers(find(jcUser.phoneNumbers, .type == 'work') ?? first(jcUser.phoneNumbers))
toScimAddresses toScimAddresses(address) Turns a single JumpCloud address (like street, city, state) into the list format that SCIM needs. It combines street lines and sets the address type as "work" and "primary." If there is no address data, it returns an empty list. address: A block of data containing all the parts of the address (street, city, state/region, zip/postal code, etc.). toScimAddresses(find(jcUser.addresses, .type == 'work') ?? first(jcUser.addresses))
toScimEmails toScimEmails(email) Takes a single email address and puts it into the list format that SCIM requires. This is useful when the destination system expects a list. The email is marked as "work" and "primary." email: The actual email address, provided as text. toScimEmails(jcUser.email)
toScimEntitlements toScimEntitlements(entitlement) Creates one entitlement record to be included in the SCIM list of entitlements. It uses the value, type, and display name you provide and marks it as primary. If you don't provide input, it returns an empty list. entitlement: A block of data that contains the entitlement's value, type, and display name. toScimEntitlements(jcUser.entitlements)
setDefaults setDefaults(m, defaults) Fills in any missing data in your main data block (m) using backup values from a separate data block (defaults). Important: If the same piece of information is in both blocks, the value from the defaults block is used. If your main data block (m) is missing, the function returns nothing. m: The primary block of data you are starting with (e.g., a user's address). defaults: The block of backup values used to fill in any missing parts of the primary block (m). setDefaults({ "region": "CA", "country": "US" }, { "region": "" })
isMemberOfAny isMemberOfAny(groups, nameOrIDs) Checks if a user is a member of any of the groups you list. It can check by group name or unique ID, ignoring upper/lower case in names. The result is always true or false. groups: The list of all groups the user belongs to (usually jcGroups). nameOrIDs: The name, unique ID, or a list of names/IDs of the specific groups you are looking for. isMemberOfAny(jcGroups, "engineering_group")isMemberOfAny(jcGroups, ["engineering_group", "sales_group"])
isMemberOfAll isMemberOfAll(groups, nameOrIDs) Checks if a user is a member of every single group you list. If the user is missing even one group, the answer is false. Matching works like isMemberOfAny. groups: The list of all groups the user belongs to (usually jcGroups). nameOrIDs: The name, unique ID, or a list of names/IDs of all the required groups. isMemberOfAll(jcGroups, "engineering_group") isMemberOfAll(jcGroups, ["engineering_group","sales_group"])
getGroups getGroups(groups) getGroups(groups, field) getGroups(groups, fields, "string") Gathers a user's group information in different ways: you can get all details (name, ID, attributes), a list of just one specific detail from each group (e.g., only the name), or a list of several specific details. Adding the text "string" as the third parameter makes sure the final output is simple text. groups: The user's list of groups (jcGroups). field or fields (optional): The specific piece(s) of information you want to extract from each group (e.g., the group's name or a custom attribute like costCenter). "string" (optional third): Include this text if you need the result to be simple text strings. getGroups(jcGroups) getGroups(jcGroups,"name") getGroups(jcGroups,"id") getGroups(jcGroups,"name", "string") getGroups(jcGroups, ["name", "roles"])
getGroupAttr getGroupAttr(groups, nameOrID, attrPath) getGroupAttr(groups, nameOrID, attrPath, default) Looks up a specific piece of information (an "attribute") from a single group (which you find by its name or ID). If the group or the information is missing, it returns a backup value (default) if you provided one; otherwise, it returns blank text. groups: The user's list of groups (jcGroups). nameOrID: The name or unique ID of the group you want to search. attrPath: The "path" (using dots) to the exact information you want (e.g., role). default (optional): The backup value to use if the group or the information you asked for cannot be found. getGroupAttr(jcGroups,"admin_group", "role") getGroupAttr(jcGroups,"admin_group", "role", "user")
filterGroups filterGroups(groups, attrPath, matchValue) Narrows down the list of groups to keep only the ones where a specific piece of information matches one of the values you provide. The check ignores upper/lower case. The result is a list of the matching groups and all their details. groups: The user's list of groups (jcGroups). attrPath: The specific piece of information (attribute) you want to check in each group (e.g., role). matchValue: A text value or a list of text values that the attribute must equal to be included in the result. filterGroups(jcGroups, "role", "admin") filterGroups(jcGroups, "role", ["admin", "user"])
findFirstGroupAttr findFirstGroupAttr(groups, attrPath, priorityList) findFirstGroupAttr(groups, attrPath, priorityList, default) Checks a list of groups, in the order you specify, and returns the first piece of non-empty information (an "attribute") it finds. This lets you prioritize data from certain groups. If the information is not found in any group, it returns the backup value (default) if you provided one; otherwise, it returns blank. groups: The user's list of groups (jcGroups). attrPath: The specific piece of information (attribute) you are trying to find. priorityList: A list of group names or IDs, listed in the exact order you want them checked. default (optional): The backup value to use if the required information cannot be found in any of the groups. findFirstGroupAttr(jcGroups, "role",["admin_group","user_group" ]) findFirstGroupAttr(jcGroups, "role",["admin_group","user_group"],"user")
toID toID("...") toID('...') A special shortcut. Before your expression runs, JumpCloud automatically swaps the group name you put inside the parentheses for that group's permanent, unique ID (a sequence of numbers and letters). It is best to use this when you need to refer to a specific group in a way that won't break if someone renames the group later. "..." or '...': Group name between single or double quotes. The match is case sensitive. getGroupAttr(jcGroups, toID("Engineering"), "costCenter")

GoLinks User Attributes

JumpCloud Attribute SCIM Attribute Notes
Required Mappings
email userName
Optional Mappings
notNullOrEmpty(jcUser.displayname) ? jcUser.displayname : (notNullOrEmpty(jcUser.lastname) ? jcUser.firstname + ' ' + jcUser.lastname : jcUser.firstname) displayName
jobTitle title
employeeType userType
company $enterpriseUser.organization
costCenter $enterpriseUser.costCenter
department $enterpriseUser.department
employeeIdentifier $enterpriseUser.employeeNumber
toScimAddresses(find(jcUser.addresses, .type == 'work') ?? first(jcUser.addresses)) addresses
notNullOrEmpty(providerUser.locale) ? providerUser.locale : 'en-US' locale
lastname name.familyName
firstname name.givenName
toScimPhoneNumbers(find(jcUser.phoneNumbers, .type == 'work') ?? first(jcUser.phoneNumbers)) phoneNumbers
toScimEmails(jcUser.email) emails
notNullOrEmpty(providerUser.externalId) ? providerUser.externalId : jcUser.id externalId
notNullOrEmpty(providerUser.preferredLanguage) ? providerUser.preferredLanguage : 'en-US' preferredLanguage
managerExternalId $enterpriseUser.manager.value

SCIM Directory Insights Events

SCIM Events Tables

The following Directory Insights (DI) events provide visibility into failures and detailed information about the user and group data and attributes being added or updated from HR or other external solutions to JumpCloud.

Note:

Customers with no package or the Device Management Package will need to add the Directory Insights à la carte option. Directory Insights is included in all other packages.

SCIM DI Integration Events

Event Name Event Description
idm_integration_activate Logged when an IT admin attempts to activated new SCIM integration.
idm_integration_update Logged when an IT admin attempts to update a configured and activated SCIM integration.
idm_integration_reauth Logged when an IT admin attempts to change the credentials for an activated SCIM integration.
idm_integration_delete Logged when an IT admin attempts to deactivate an activated SCIM integration.

SCIM DI User Events

Event Name Event Description
user_create_provision Logged when JumpCloud tries to create a new user in service provider application.
user_update_provision Logged when JumpCloud tries to update an existing user in service provider application.
user_deprovision Logged when JumpCloud tries to change an existing user to inactive in the service provider application.
user_delete_provision Logged when JumpCloud tries to delete an existing user in service provider application.
user_lookup_provision Logged when JumpCloud encounters an issue when trying to lookup a user to determine if the user needs to be created or updated.

SCIM DI Attribute Events

Event Name Event Description
attributemappings_add Logged when the attribute mappings of an application are added.
attributemappings_delete Logged when the attribute mappings of an application are deleted.
attributemappings_update Logged when the attribute mappings of an application are updated.

SCIM DI Group Events

Important:

These DI events will only be present if SCIM Groups are supported.

Event Name Event Description
group_create_provision Logged when JumpCloud tries to create a new group in service provider application.
group_update_provision Logged when JumpCloud tries to update an existing group in service provider application.
group_delete_provision Logged when JumpCloud tries to delete an existing group in service provider application.

Removing the Integration

Warning:

These are steps for removing the integration in JumpCloud. Consult your SP's documentation for any additional steps needed (like disabling "mandatory SSO login" settings) to remove the integration in the SP. Failure to remove the integration successfully for both the SP and JumpCloud may result in users, including admins, losing access to the application.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See JumpCloud Data Centers for the URLs, FQDNs, and IP addresses.

To deactivate the SCIM Integration

  1. Log in to the JumpCloud Admin Portal.
  1. Go to Access > SSO Applications.
  2. Search for the application that you’d like to deactivate and click to open the configuration window. 
  3. Click Actions > Deactivate IdM and then click confirm.

To deactivate the SSO Integration

  1. Log in to the JumpCloud Admin Portal.
  2. Go to Access > SSO Applications.
  3. Search for the application that you’d like to deactivate and click to open its details panel. 
  4. Select the SSO tab.
  5. Scroll to the bottom of the configuration.
  6. Click Deactivate SSO
  7. Click Save
  8. If successful, you will receive a confirmation message.

To delete the application

  1. Log in to the JumpCloud Admin Portal.
  1. Go to Access > SSO Applications.
  2. Search for the application that you’d like to delete.
  3. Check the box next to the application to select it.
  4. Click Delete.
  5. Enter the number of the applications you are deleting
  6. Click Delete Application.
  7. If successful, you will see an application deletion confirmation notification.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case