Streamline lifecycle management for your organization by connecting any generic Service Provider with JumpCloud through a real-time user import SCIM integration. This integration lets you manage your organization’s user identities in the Service Provider, and easily connect users to all of the IT resources they need through JumpCloud. After you connect your Service Provider with JumpCloud through our SCIM server, depending on the integration settings you choose, users are seamlessly created, updated, and deleted in JumpCloud according to the actions you take on users within the Service Provider.
- You need a Service Provider account with the appropriate level of permissions and complementary SCIM capabilities (SCIM Client).
- You need an existing JumpCloud organization and an admin with Administrator role access to generate the API key that is used in the custom x-api-key header. Learn how to generate your access token below.
- Your Service Provider is where identities are sourced and serves as the “master” for user attributes. Once that identity is in JumpCloud, admins can manage access, authentication, and extend that identity to all JumpCloud managed resources.
- When a user is created in the Service Provider, they will be added in JumpCloud as a user with a pending password status. This means a user will need to establish and maintain their password within JumpCloud. Imported users won’t automatically be sent an activation email upon creation.
- Currently, the API token doesn’t expire.
- The generic SCIM integration uses SCIM Version 2.0.
- The JumpCloud SCIM API is based on version 2.0 of the SCIM Standard.
- Real-time Group import isn’t currently supported.
- Any attributes that have been selected within your Service Provider for export to JumpCloud will overwrite values existing in JumpCloud with each update that is triggered in the Service Provider.
- We recommend Administrators Enable read-only on the user’s portal profile page for all users in the Organization Settings within the JumpCloud admin portal, to prevent users and other administrators from updating attributes in JumpCloud.
Generically Integrating with the JumpCloud SCIM Server
To integrate with the SCIM server:
- Log in to the JumpCloud Admin Portal.
- Click on your initials in the top right corner, then click API Settings to access your API Key.
- Copy this key to paste in the API Key/Secret Token field of your Service Provider later.
- Now, log into your Service Provider’s administrator account.
- Every Service Provider will have a different way of accessing application integrations.
- Look for a gallery of available applications, then find or search for JumpCloud and install the application.
JumpCloud isn’t listed in every Service Provider’s application gallery. If this is the case, you will need to create a custom application for JumpCloud.
- If you create a new application, we recommend using a name like Real-time JumpCloud Import, or something similar.
- Now, open the application dashboard. Each Service Provider will ask different questions about the application, for example: Which attributes do you want to send to JumpCloud? Enable or disable Single Sign On (SSO)? User provisioning settings, and so on. However, all of them will require a Tenant URL and a JumpCloud API Key (also commonly known as a Secret Token).
- Tenant URL: For JumpCloud this is a SCIM based URL, https://api.jumpcloud.com/scim/v2
- API Key/Secret Token: A JumpCloud API key should be used to authorize this integration. The API key in JumpCloud is associated with an admin account. Use a long-lived admin account for your organization that has a role of Admin with Billing, Administrator, or Manager.
- From your Admin portal, click on your initials in the top right corner, then click API Settings to access your API Key.
- Copy/paste this key into the API Key/Secret Token field.
- You should receive a notification from your Service Provider that JumpCloud was saved/created successfully.
- To confirm this, go back to the Service Provider’s application gallery and check that your newly created application (JumpCloud or Real-time JumpCloud Import) is there.
- Make sure that all the other settings you want integrated with JumpCloud are set, including attribute mappings, provisioning, email notifications, group sync, Single Sign On (SSO) etc…
- Note: Take a look at the Attribute Mappings table below to see which attributes JumpCloud sends to Service Providers, because not all attributes are supported.
- Your integration is now established. If you go back to your JumpCloud Administrator console, go to USER MANAGEMENT > Users and refresh the page, you will see newly added users in a password pending state.
Connector Attribute Mappings
The following table lists attributes that the JumpCloud SCIM client will accept from this integration. Learn about JumpCloud Properties and how they work with systemusers in our API.
|JumpCloud Property|JumpCloud UI|SCIM v2 Mapping|JumpCloud Validation|Type|
|---|---|---|---|---|
|username|Username|userName|required, no special characters, max length 1024. Note: email may not be used as username. Some integrations leverage the email substring for the username.|string|
|firstname|First Name|name.givenName|max length 1024|string|
|lastname|Last Name|name.familyName|max length 1024||
||Company Email|emails: value (primary)|email, required, max length 1024|string|
|password|password|password|subject to org settings|string|
!suspended && !passwordExpired
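
A pre-flight check for the SCIM 2.0 User payload a Service Provider would send, applying the validation rules from the mapping table above. This is an added example, not JumpCloud's own code; the function name, the sample payloads, and the reading of "no special characters" as letters, digits, `.`, `_` and `-` are assumptions.

```python
import re

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
MAX_LEN = 1024  # "max length 1024" in the mapping table
# Assumption: "no special characters" is read as letters, digits, '.', '_' and '-'.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]+")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # deliberately loose shape check


def validate_scim_user(resource):
    """Return a list of problems; an empty list means the payload matches the table."""
    problems = []
    if SCIM_USER_SCHEMA not in resource.get("schemas", []):
        problems.append("schemas: missing SCIM 2.0 core User schema")

    username = resource.get("userName")
    if not isinstance(username, str) or not username:
        problems.append("userName: required")
    elif len(username) > MAX_LEN:
        problems.append("userName: longer than 1024")
    elif EMAIL_RE.fullmatch(username):
        problems.append("userName: email may not be used as username")
    elif not USERNAME_RE.fullmatch(username):
        problems.append("userName: special characters not allowed")

    name = resource.get("name") or {}
    for field in ("givenName", "familyName"):
        value = name.get(field)
        if value is not None and (not isinstance(value, str) or len(value) > MAX_LEN):
            problems.append(f"name.{field}: must be a string of at most 1024 chars")

    # Assumption: the table's "emails: value (primary)" means one entry flagged primary.
    primary = [e for e in resource.get("emails", []) if isinstance(e, dict) and e.get("primary")]
    if len(primary) != 1:
        problems.append("emails: exactly one primary value is required")
    else:
        value = primary[0].get("value")
        if not isinstance(value, str) or len(value) > MAX_LEN or not EMAIL_RE.fullmatch(value):
            problems.append("emails: primary value must be an email of at most 1024 chars")
    return problems


# Constructed sample payloads, shaped as a SCIM client would send them to the Tenant URL.
GOOD = {"schemas": [SCIM_USER_SCHEMA], "userName": "jdoe",
        "name": {"givenName": "Jane", "familyName": "Doe"},
        "emails": [{"value": "jdoe@example.com", "primary": True}]}
BAD = {"schemas": [SCIM_USER_SCHEMA], "userName": "jdoe@example.com",
       "emails": [{"value": "jdoe@example.com"}]}

if __name__ == "__main__":
    for label, payload in (("good", GOOD), ("bad", BAD)):
        print(label, validate_scim_user(payload))
```

Running it against an export of the Service Provider's mapped attributes before enabling provisioning shows which users would be rejected, such as those whose username is their email address.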