- \n
- A JumpCloud administrator account<\/li>\n\n\n\n
- JumpCloud SSO Package or higher or SSO \u00e0 la carte option<\/li>\n\n\n\n
- A Exium Workspace user account with administrator permissions<\/li>\n\n\n\n
- Your Exium Workspace Name and ID<\/li>\n<\/ul>\n\n\n\n
Important Considerations<\/strong><\/p>\n\n\n\n
- \n
- Exium needs a startIndex (starting at 1) for it to be able to Get Users and Groups<\/li>\n\n\n\n
- Exium only supports SP-initiated SSO<\/li>\n\n\n\n
- If you need to update your token, you must deactivate the IdM integration<\/a>, update the token, and then reactivate the IdM integration<\/li>\n\n\n\n
- Groups are supported<\/li>\n<\/ul>\n\n\n\n
Attribute Considerations<\/strong><\/p>\n\n\n\n
- \n
- A default set of attributes are managed for users. See the Attribute Mappings<\/a> section for more details<\/li>\n\n\n\n
- The following attributes are not supported by JumpCloud:\n
- \n
- timezone<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Creating a new JumpCloud Application Integration<\/strong><\/h2>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Click + Add New Application<\/strong>.<\/li>\n\n\n\n
- Type the name of the application in the Search <\/strong>field and select it.<\/li>\n\n\n\n
- Click Next<\/strong>.<\/li>\n\n\n\n
- In the Display Label<\/strong>, type your name for the application. Optionally, you can enter a Description<\/strong>, adjust the User Portal Image and choose to hide or Show in User Portal<\/strong>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nIf this is a Bookmark Application, enter your sign-in URL in the Bookmark URL<\/strong> field.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Optionally, expand Advanced Settings<\/strong> to specify a value for the SSO IdP URL<\/strong>. If no value is entered, it will default to https:\/\/sso.jumpcloud.com\/saml2\/<applicationname><\/kbd>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\")
<\/p><\/div>Warning:<\/strong> \nThe SSO IdP URL<\/strong> is not editable after the application is created. You will have to delete and recreate the connector if you need to edit this field at a later time.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- If successful, click:\n
- \n
- Configure Application<\/strong> and go to the next section <\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
Configuring the SSO Integration<\/strong><\/h2>\n\n\n\n
To configure JumpCloud<\/strong> 1<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Replace YOUR_WORKSPACE_NAME with the name of your Exium workspace.<\/li>\n\n\n\n
- Add or change any desired attributes.<\/li>\n\n\n\n
- Click save<\/strong>.<\/li>\n<\/ol>\n\n\n\n
Download the JumpCloud metadata<\/strong> file<\/strong><\/h4>\n\n\n\n
- \n
- Find your application in the Configured Applications<\/strong> list and click anywhere in the row to reopen its configuration window.<\/li>\n\n\n\n
- Select the SSO <\/strong>tab and click Export Metadata<\/strong>.<\/li>\n\n\n\n
- The JumpCloud-<applicationname>-metadata.xml<\/strong> will be exported to your local Downloads <\/strong>folder.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\")
<\/p><\/div>Tip:<\/strong> \nMetadata can also be downloaded from the Configured Applications<\/strong> list. Search for and select the application in the list and then click Export Metadata<\/strong> in the top right corner of the window.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To configure Exium<\/strong><\/h3>\n\n\n\n
- \n
- Sign in to Exium company site as an administrator.<\/li>\n\n\n\n
- Navigate to Integrations<\/strong> > SCIM\/SAML SSO<\/strong>.<\/li>\n\n\n\n
- Under Choose Sign-in Type<\/strong>, select JumpCloud<\/strong>. <\/li>\n\n\n\n
- In the IDP Metadata XML Content<\/strong> field, paste the contents of the metadata file downloaded in the previous section.<\/li>\n\n\n\n
- Copy the values for the ACS URL <\/strong>and Entity ID<\/strong>.<\/li>\n\n\n\n
- Click Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n
To configure JumpCloud 2<\/strong><\/h3>\n\n\n\n
- \n
- Back in the Exium SSO <\/strong>tab, paste the Exium Entity ID<\/strong> into the SP Entity ID<\/strong> field.<\/li>\n\n\n\n
- Under ACS URLs<\/strong>, enter the following:\n
- \n
- Index 0 – enter https:\/\/service.exium.net\/exium\/sign-in\/jumpcloud\/login<\/kbd><\/li>\n\n\n\n
- Index 1 – enter the ACS URL<\/strong> copied from Exium<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Click Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n
Authorizing User SSO Access<\/strong><\/h2>\n\n\n\n
Users are implicitly denied access to applications. After you connect an application to JumpCloud, you need to authorize user access to that application. You can authorize user access from the Application Configuration<\/strong> panel or from the Groups Configuration<\/strong> panel. <\/p>\n\n\n\n
To authorize user access from the Application Configuration panel<\/strong><\/h3>\n\n\n\n
- \n
- Log in to the <\/a>JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>, then select the application to which you want to authorize user access.<\/li>\n\n\n\n
- Select the User Groups<\/strong> tab. If you need to create a new group of users, see Get Started: User Groups<\/a>.<\/li>\n\n\n\n
- Select the check box next to the group of users you want to give access.<\/li>\n\n\n\n
- Click save<\/strong>. <\/li>\n<\/ol>\n\n\n\n
To learn how to authorize user access from the Groups Configuration<\/strong> panel, see Authorize Users to an SSO Application<\/a>.<\/p>\n\n\n\n
Validating SSO authentication workflow(s)<\/strong><\/h2>\n\n\n\n
SP-initiated<\/strong><\/h3>\n\n\n\n
- \n
- Download the Exium agent<\/strong> received in welcome mail and copy Workspace<\/strong> name<\/li>\n\n\n\n
- After the agent installation, enter the Workspace and Username to connect to Exium<\/li>\n\n\n\n
- Exium agent opens a browser window for SAML2 based IDP SSO authentication<\/strong><\/li>\n\n\n\n
- On successful SSO authentication, user gets logged in to Exium and can connect to Exium<\/li>\n<\/ul>\n\n\n\n
Configuring the Identity Management Integration<\/strong><\/h2>\n\n\n\n
To configure Exium<\/strong><\/h3>\n\n\n\n
- \n
- Sign in to Exium company site as an administrator.<\/li>\n\n\n\n
- Navigate to Integrations<\/strong> > SCIM\/SAML SSO<\/strong>.<\/li>\n\n\n\n
- In the JumpCloud configuration, copy the SCIM 2.0 Bearer Token<\/strong>.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Warning:<\/strong> \nThe Client ID and Secret (token) may only be shown once. Copy them to a secure location, like the JumpCloud Password Manager<\/a>, for future reference.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To configure JumpCloud<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Click Configure<\/strong>.<\/li>\n\n\n\n
- In the Token Key<\/strong> field, paste the SCIM 2.0 Bearer Token<\/strong> from the previous section.<\/li>\n\n\n\n
- Click Activate<\/strong>.<\/li>\n\n\n\n
- You can now connect user groups to the application in JumpCloud to provision the members of that group in Exium. Learn how to Authorize Users to an Application<\/a>.<\/li>\n<\/ol>\n\n\n\n
Attribute Mappings<\/strong><\/h2>\n\n\n\n
The following table lists attributes that JumpCloud sends to the application. See Attribute Considerations<\/a> for more information regarding attribute mapping considerations. <\/p>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- In the JumpCloud configuration, copy the SCIM 2.0 Bearer Token<\/strong>.<\/li>\n<\/ol>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>, then select the application to which you want to authorize user access.<\/li>\n\n\n\n
- Index 1 – enter the ACS URL<\/strong> copied from Exium<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Under ACS URLs<\/strong>, enter the following:\n
- Under Choose Sign-in Type<\/strong>, select JumpCloud<\/strong>. <\/li>\n\n\n\n
- Select the SSO <\/strong>tab and click Export Metadata<\/strong>.<\/li>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- If successful, click:\n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- The following attributes are not supported by JumpCloud:\n
- Groups are supported<\/li>\n<\/ul>\n\n\n\n