- \n
- A JumpCloud administrator account.<\/li>\n\n\n\n
- JumpCloud SSO Package or higher or SSO add-on feature.<\/li>\n\n\n\n
- A strongDM user with Owner permissions that can set up user provisioning in strongDM.<\/li>\n<\/ul>\n\n\n\n
<\/a>Important Considerations<\/strong><\/p>\n\n\n\n
- \n
- strongDM SCIM API is based on version 2.0 of the SCIM standard.<\/li>\n\n\n\n
- strongDM only supports Identity Management. SAML is not available at this time.<\/li>\n\n\n\n
- When provisioning a new user, the userType will be set to user by default.<\/li>\n\n\n\n
- All SCIM Endpoints are served from app.strongdm.com<\/kbd>. strongDM’s SCIM implementation serves different endpoints for different providers. For example: OKTA : GET \/provisioning\/okta\/v2\/Users Azure AD : GET \/provisioning\/azure\/v2\/Users Generic : GET \/provisioning\/generic\/v2\/Users<\/li>\n\n\n\n
- If you need to update the SCIM token, you must deactivate the IdM integration<\/a>, update the token, and then reactivate the integration.<\/li>\n\n\n\n
- Groups are supported. If Management of User Groups and Group Membership<\/strong> is enabled, there are a few things to consider:\n
- \n
- Empty user groups will not sync. <\/li>\n\n\n\n
- Groups must have at least 1 user in them to sync.<\/li>\n\n\n\n
- There can be a delay of a few minutes when syncing.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Attribute Considerations<\/strong><\/p>\n\n\n\n
- \n
- A default set of attributes are managed for users. See the Attribute Mappings<\/a> section for more details.<\/li>\n<\/ul>\n\n\n\n
Creating a new JumpCloud Application Integration<\/strong><\/h2>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Click + Add New Application<\/strong>.<\/li>\n\n\n\n
- Type the name of the application in the Search <\/strong>field and select it.<\/li>\n\n\n\n
- Click Next<\/strong>.<\/li>\n\n\n\n
- In the Display Label<\/strong>, type your name for the application. Optionally, you can enter a Description<\/strong>, adjust the User Portal Image and choose to hide or Show in User Portal<\/strong>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nIf this is a Bookmark Application, enter your sign-in URL in the Bookmark URL<\/strong> field.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Optionally, expand Advanced Settings<\/strong> to specify a value for the SSO IdP URL<\/strong>. If no value is entered, it will default to https:\/\/sso.jumpcloud.com\/saml2\/<applicationname><\/kbd>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\")
<\/p><\/div>Warning:<\/strong> \nThe SSO IdP URL<\/strong> is not editable after the application is created. You will have to delete and recreate the connector if you need to edit this field at a later time.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- If successful, click:\n
- \n
- Configure Application<\/strong> and go to the next section <\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
Configuring the Identity Management Integration<\/strong><\/h2>\n\n\n\n
To configure strongDM<\/strong><\/h3>\n\n\n\n
- \n
- Log in to the strongDM Admin UI.<\/li>\n\n\n\n
- Go to Settings > User Management > Provisioning<\/strong>.<\/li>\n\n\n\n
- From the SCIM Provider<\/strong> dropdown, select Generic<\/strong>.<\/li>\n\n\n\n
- Click Activate SCIM<\/strong>.<\/li>\n\n\n\n
- Copy and save the generated token. You need this for the following section.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Warning:<\/strong> \nThe Client ID and Secret (token) may only be shown once. Copy them to a secure location, like the JumpCloud Password Manager<\/a>, for future reference.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To configure JumpCloud<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the\u00a0Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Select the Enable management of User Groups and Group Membership in this application<\/strong> checkbox if you want to provision, manage, and sync groups in strongDM from JumpCloud.<\/li>\n\n\n\n
- Click Configure<\/strong>.<\/li>\n\n\n\n
- You\u2019re presented with two fields:\n
- \n
- Base URL<\/strong>: Enter https:\/\/app.strongdm.com\/provisioning\/generic\/v2<\/kbd><\/li>\n\n\n\n
- Token Key<\/strong>: Paste the Token<\/strong> you generated when configuring strongDM.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Click Activate<\/strong>. <\/li>\n\n\n\n
- You will receive a confirmation that the Identity Management integration has been successfully verified.<\/li>\n\n\n\n
- Click save<\/strong>.<\/li>\n\n\n\n
- You can now connect user groups to the application in JumpCloud to provision the members of that group in strongDM. Learn how to Authorize Users to an Application<\/a>.<\/li>\n<\/ol>\n\n\n\n
Importing Users<\/strong><\/h2>\n\n\n\n
This functionality is helpful if users have already been created in the application but have not been created in JumpCloud.<\/p>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Search for the application and click to open its configuration panel. <\/li>\n\n\n\n
- Select the Identity Management<\/strong> tab.<\/li>\n\n\n\n
- Click manual import<\/strong>.<\/li>\n\n\n\n
- Select the users you want to create in JumpCloud from the application from the list of users that appear. Users in the list have two import statuses:\n
- \n
- New\u00a0<\/strong>– user has not been imported<\/li>\n\n\n\n
- Imported\u00a0<\/strong>– user has been imported and has an account in JumpCloud<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\")
<\/p><\/div>Tip:<\/strong> Try using the New Users-only filter when selecting users to import. This will move all of your new users to the top of the list, making them easier to identify and select.<\/p><\/div><\/div><\/div>\n\n\n\n
- \n
- Click import<\/strong>.\n
- \n
- If you are importing less than 100 users, your import results will display in real time and you can continue onboarding your users\u00a0<\/li>\n\n\n\n
- If you have more than 100 users being imported, JumpCloud will send you an email when your import is complete<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- \n
- You can now connect and grant users access to all their JumpCloud resources. Learn more in the Authorize Users to an Application<\/a> and Connecting Users to Resources<\/a> articles.<\/li>\n<\/ol>\n\n\n\n<\/p><\/div>
Warning:<\/strong> Imported users must be members of a user group bound to an application for JumpCloud to manage their identity in, and access to, the application.<\/p><\/div><\/div><\/div>\n\n\n\n
SCIM Directory Insights Events<\/strong><\/h2>\n\n\n\n
The following Directory Insights (DI) events provide visibility into failures and detailed information about the user and group data being added or updated from HR or other external solutions to JumpCloud.<\/p>\n\n\n\n
<\/p><\/div>Note:<\/strong> \nCustomers with no package or the Device Management Package will need to add the Directory Insights \u00e0 la carte option. Directory Insights is included in all other packages<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
\nSCIM DI Integration Events<\/h3>\n
\n\n\n
\n \n Event Name <\/th>\n \n Event Description <\/th>\n <\/tr>\n \n \n idm_integration_activate <\/td>\n \n Logged when an IT admin attempts to activated new SCIM Identity Management integration. <\/td>\n <\/tr>\n \n \n idm_integration_update <\/td>\n \n Logged when an IT admin attempts to update a configured and activated SCIM Identity Management integration. <\/td>\n <\/tr>\n \n \n idm_integration_reauth <\/td>\n \n Logged when an IT admin attempts to change the credentials for an activated SCIM Identity Management integration. <\/td>\n <\/tr>\n \n \n idm_integration_delete <\/td>\n \n Logged when an IT admin attempts to deactivate an activated SCIM Identity Management integration. <\/td>\n <\/tr>\n <\/table>\n<\/div><\/div>\n\n\n\n \nSCIM DI User Events<\/h3>\n
\n\n\n
\n \n Event Name <\/th>\n \n Event Description <\/th>\n <\/tr>\n \n \n user_create_provision <\/td>\n \n Logged when JumpCloud tries to create a new user in service provider application. <\/td>\n <\/tr>\n \n \n user_update_provision <\/td>\n \n Logged when JumpCloud tries to update an existing user in service provider application. <\/td>\n <\/tr>\n \n \n user_deprovision <\/td>\n \n Logged when JumpCloud tries to change an existing user to inactive in the service provider application. <\/td>\n <\/tr>\n \n \n user_delete_provision <\/td>\n \n Logged when JumpCloud tries to delete an existing user in service provider application. <\/td>\n <\/tr>\n \n \n user_lookup_provision <\/td>\n \n Logged when JumpCloud encounters an issue when trying to lookup a user to determine if the user needs to be created or updated. <\/td>\n <\/tr>\n <\/table>\n<\/div><\/div>\n\n\n\n SCIM DI Group Events<\/strong><\/h3>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\")
<\/p><\/div>Important:<\/strong> \nThese DI events will only be present if SCIM Groups are supported.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
\n\n\n\n
\n \n Event Name <\/th>\n \n Event Description <\/th>\n <\/tr>\n \n \n group_create_provision <\/td>\n \n Logged when JumpCloud tries to create a new group in service provider application. <\/td>\n <\/tr>\n \n \n group_update_provision <\/td>\n \n Logged when JumpCloud tries to update an existing group in service provider application. <\/td>\n <\/tr>\n \n \n group_delete_provision <\/td>\n \n Logged when JumpCloud tries to delete an existing group in service provider application. <\/td>\n <\/tr>\n <\/table>\n<\/div><\/div>\n\n\n\n Attribute Mappings<\/strong><\/h2>\n\n\n\n
The following table lists attributes that JumpCloud sends to the application. See Attribute Considerations<\/a> for more information regarding attribute mapping considerations. <\/p>\n\n\n\n
- You can now connect and grant users access to all their JumpCloud resources. Learn more in the Authorize Users to an Application<\/a> and Connecting Users to Resources<\/a> articles.<\/li>\n<\/ol>\n\n\n\n
- Imported\u00a0<\/strong>– user has been imported and has an account in JumpCloud<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Token Key<\/strong>: Paste the Token<\/strong> you generated when configuring strongDM.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Select the\u00a0Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- From the SCIM Provider<\/strong> dropdown, select Generic<\/strong>.<\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- If successful, click:\n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- A default set of attributes are managed for users. See the Attribute Mappings<\/a> section for more details.<\/li>\n<\/ul>\n\n\n\n
- If you need to update the SCIM token, you must deactivate the IdM integration<\/a>, update the token, and then reactivate the integration.<\/li>\n\n\n\n