Routing Policies for Identity Providers

Admins can specify which users authenticate with an existing Identity Provider (IdP) instead of having JumpCloud manage their user’s identities. Create a routing policy to enable only specifically assigned users to log into JumpCloud resources using their IdP credentials. 

Prerequisites:

• The user group(s) that you want to apply this routing policy to should already exist, see Get Started: User Groups.
• You need to have an IdP already configured in order to add a routing policy to it. See our configuration documentation to learn more:
  • Configure Okta as an Identity Provider
  • Configure Entra ID as an Identity Provider
  • Configure Google Workspace as an Identity Provider

Considerations:

• You can only create one IdP in JumpCloud.
• Routing policies apply to authentication requests from User Portal, Self Service Account Provisioning, and SSO apps. They will not apply to LDAP or RADIUS authentication requests. 
• We recommend enabling externally managed passwords when federated authentication is enabled to prevent users from creating or updating their password in JumpCloud. 

Creating a Routing Policy

To create a routing policy:

1. Log into your JumpCloud Admin Portal.
2. Go to DIRECTORY INTEGRATIONS > Identity Providers. 
3. Under the IdP configuration information there is an Authentication section. Click +Routing Policy to add a new policy. 
4. Next to Create Routing Policy, toggle it on to enable the policy. 
5. Under General Info, enter a required Policy Name * and you can enter a Description if you’d like to. 
6. Under Assignment, search for the User Groups that you want to log into their user portal using their IdP credentials. See Get Started: User Groups to learn more.
7. Next, under Identity Provider Routing, click the dropdown menu and select which IdP the User Authenticates with. 
8. Click Create. 
9. Your new routing policy will appear on the Identity Provider information page. 

Managing the Routing Policy 

To manage the routing policy: 

1. On the Identity Providers page, under Authentication is where the routing policy information is listed. It displays the name of the policy, how many user groups it’s applied to, and its status. 
2. Click Configure to make any changes like edit the name, description, and add or remove any user groups. 
3. If you want to disable this routing policy, but keep the configuration details intact, you can click Configure next to the routing policy. On the next page, next to the name of the policy, toggle it off to disable the policy, then click Update.