- \n
- A JumpCloud administrator account<\/li>\n\n\n\n
- JumpCloud SSO Package or higher or SSO \u00e0 la carte option<\/li>\n\n\n\n
- A Twingate user account with owner permissions that can setup user provisioning and Twingate<\/li>\n\n\n\n
- A Business or Enterprise plan<\/a> on Twingate and your Twingate tenant name<\/li>\n<\/ul>\n\n\n\n
<\/a>Important Considerations<\/strong><\/p>\n\n\n\n
- \n
- If you need to update the SCIM token, you must deactivate the IdM integration<\/a>, update the token, and then reactivate the integration<\/li>\n\n\n\n
- Requests are rate-limited to 25 requests per second per Twingate account<\/li>\n\n\n\n
- Groups are supported <\/li>\n<\/ul>\n\n\n\n
Attribute Considerations<\/strong><\/p>\n\n\n\n
- \n
- A default set of attributes are managed for users. See the Attribute Mappings<\/a> section for more details.<\/li>\n<\/ul>\n\n\n\n
Creating a new JumpCloud Application Integration<\/strong><\/h2>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Click + Add New Application<\/strong>.<\/li>\n\n\n\n
- Type the name of the application in the Search <\/strong>field and select it.<\/li>\n\n\n\n
- Click Next<\/strong>.<\/li>\n\n\n\n
- In the Display Label<\/strong>, type your name for the application. Optionally, you can enter a Description<\/strong>, adjust the User Portal Image and choose to hide or Show in User Portal<\/strong>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nIf this is a Bookmark Application, enter your sign-in URL in the Bookmark URL<\/strong> field.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Optionally, expand Advanced Settings<\/strong> to specify a value for the SSO IdP URL<\/strong>. If no value is entered, it will default to https:\/\/sso.jumpcloud.com\/saml2\/<applicationname><\/kbd>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\")
<\/p><\/div>Warning:<\/strong> \nThe SSO IdP URL<\/strong> is not editable after the application is created. You will have to delete and recreate the connector if you need to edit this field at a later time.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- If successful, click:\n
- \n
- Configure Application<\/strong> and go to the next section <\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
Configuring the SSO Integration<\/strong><\/h2>\n\n\n\n
To configure JumpCloud<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Replace any instances of YOUR_TENANT_NAME with your Twingate tenant name.<\/li>\n\n\n\n
- Add or change any attributes.<\/li>\n\n\n\n
- Click save<\/strong>.<\/li>\n<\/ol>\n\n\n\n
To configure Twingate<\/strong><\/h3>\n\n\n\n
At this time, configuring Twingate to work with JumpCloud requires some assistance from Twingate staff. If you are interested in configuring JumpCloud with Twingate, please contact Twingate<\/a>.<\/p>\n\n\n\n
Configuring the Identity Management Integration<\/strong><\/h2>\n\n\n\n
To configure Twingate<\/strong><\/h3>\n\n\n\n
- \n
- In the Twingate, navigate to Provisioning > Integration<\/strong> and click the Configure API Integration<\/strong> button. This displays the SCIM Configurations window.<\/li>\n\n\n\n
- Copy the SCIM Endpoint <\/strong>and the SCIM Token. <\/strong><\/li>\n\n\n\n
- Click Close & Finish<\/strong>.<\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Warning:<\/strong> \nThe Client ID and Secret (token) may only be shown once. Copy them to a secure location, like the JumpCloud Password Manager<\/a>, for future reference.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Check Enable API Integration <\/strong>and paste the SCIM Token into the API Token<\/strong> field. \u201cTest API Credentials\u201d will succeed if the token is entered correctly.<\/li>\n\n\n\n
- Click Save<\/strong>.<\/li>\n\n\n\n
- Under Provisioning to App<\/strong>, enable all 3 options in the Provisioning tab and then click Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n
To configure JumpCloud<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Select the Enable management of User Groups and Group Membership in this application<\/strong> checkbox if you want to provision, manage, and sync groups in Twingate from JumpCloud.<\/li>\n\n\n\n
- Click Configure<\/strong>.<\/li>\n\n\n\n
- You\u2019re presented with two fields:\n
- \n
- Base URL<\/strong>: Paste the SCIM Endpoint<\/strong> you copied when configuring Twingate. (e.g., https:\/\/{network}.twingate.com\/api\/scim\/v2<\/kbd>)<\/li>\n\n\n\n
- Token Key<\/strong>: Paste the SCIM Token<\/strong> you generated when configuring Twingate.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Click Activate<\/strong>. <\/li>\n\n\n\n
- You will receive a confirmation that the Identity Management integration has been successfully verified.<\/li>\n\n\n\n
- Click save<\/strong>.<\/li>\n\n\n\n
- You can now connect user groups to the application in JumpCloud to provision the members of that group in Twingate. Learn how to Authorize Users to an Application<\/a>.<\/li>\n<\/ol>\n\n\n\n
Attribute Mappings<\/strong><\/h2>\n\n\n\n
The following table lists attributes that JumpCloud sends to the application. See Attribute Considerations<\/a> for more information regarding attribute mapping considerations. <\/p>\n\n\n\n
Learn about JumpCloud Properties and how they work with system users in our API<\/a>. <\/p>\n\n\n\n
\nTwingate User Attributes<\/h3>\n
\n\n\n
\n \n JumpCloud Property <\/th>\n \n JumpCloud UI Field Name <\/th>\n \n SCIM v2 Mapping <\/th>\n \n Twingate Value <\/th>\n <\/tr>\n \n \n username <\/td>\n \n Username <\/td>\n \n userName <\/td>\n \n IdP Username <\/td>\n <\/tr>\n \n \n email <\/td>\n \n Company Email <\/td>\n \n emails:value <\/td>\n \n Email <\/td>\n <\/tr>\n \n \n active <\/td>\n \n Status <\/td>\n \n active <\/td>\n \n active <\/td>\n <\/tr>\n \n \n firstname <\/td>\n \n First Name <\/td>\n \n name.givenName <\/td>\n \n First Name <\/td>\n <\/tr>\n \n \n lastname <\/td>\n \n Last Name <\/td>\n \n name.familyName <\/td>\n \n Last Name <\/td>\n <\/tr>\n \n \n firstname\/lastname <\/td>\n \n First Name\/Last Name <\/td>\n \n name.formatted <\/td>\n \n Display Name <\/td>\n <\/tr>\n \n \n employeeIdentifier <\/td>\n \n Employee ID <\/td>\n \n externalId <\/td>\n \n Employee ID <\/td>\n <\/tr>\n <\/table>\n<\/div><\/div>\n\n\n\n \nGroup Attributes<\/h3>\n
\n - Token Key<\/strong>: Paste the SCIM Token<\/strong> you generated when configuring Twingate.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Click Save<\/strong>.<\/li>\n\n\n\n
- Copy the SCIM Endpoint <\/strong>and the SCIM Token. <\/strong><\/li>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- If successful, click:\n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- If you need to update the SCIM token, you must deactivate the IdM integration<\/a>, update the token, and then reactivate the integration<\/li>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\"){kind=icon}
<\/p><\/div>![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\"){kind=icon}
<\/p><\/div>