Configure SAML with JumpCloud

Before you begin

Before you begin, you need to generate encryption certificates for encrypting the SAML connection and load them in LogicalDOC

1. You can use the Bash script from the logicaldoc/scripts repository on GitHub, or any other suitable method.
2. Save the two files that are generated. They are the private key and the public key. In the SAML settings panel, they are referred to as the SP Private Key and the SP Certificate respectively.

Prepare LogicalDOC

1. Enable the SAML Single-sign-on in Administration > Security > SAML Single-sign-on
2. In the SP Entity ID field put a unique identifier(you may put here the same URL you normally use to connect to LogicalDOC, eg http://localhost:8080)
3. Enable both the signature of the AuthnRequest messages and the encryption of received assertions
4. Choose SHA-256 as Signature algorithm
5. Upload the SP Certificate and SP Private Key generated at point 2 in the correspondent fields.
6. In the Attribute mappings form, prepare following mappings:
   • In Username, type username
   • In First Name, type firstName
   • In Last Name, type lastName
   • In Email, type email
   • In Groups, type groups

   Click on Save to confirm all the configuration.

   

7. Export the Service Provider metadata file by clicking on the URL displayed in the SP Metadata field. You will then use this file in JumpCloud later.

Now you completed the LogicalDOC's configuration and can approach the setup of JumpCloud,

Set Up an SSO Application for LogicalDOC Single Sign-On

1. Log in to JumpCloud as an administrator.

2. Go to SSO Applications > Add New Application.

3. Select Custom Application and click on Next.

   

4. Choose just the Manage Single Sign-On (SSO) feature and then Configure SSO with SAML. Click Next.

   

5. Enter General info, for the application, including Display label and Logo (optional). It’s recommended to display the application icon to users. If you’d like to use a LogicalDOC logo for the application, you can download one from our page.

   

6. In the next screen, select Configure Application.

7. Upload the Service Provider metadata you obtained at step 7 of LogicalDOC's preparation.

   

8. Enter a unique IdP Entity ID.

   

9. Check the Sign Assertion option.

   

10. In the attributes section, click on add attribute and insert the following attribute mappings:

    • Map Service Provider Attribute Name username to JumpCloud Attribute Name username
    • Map Service Provider Attribute Name firstName to JumpCloud Attribute Name firstname
    • Map Service Provider Attribute Name lastName to JumpCloud Attribute Name lastname
    • Map Service Provider Attribute Name email to JumpCloud Attribute Name email
    

11. Enable Include group attribute and type groups

12. Assign the user groups to this new application

    

13. Select Save to complete.

Export identity provider metadata

Next, export the identity provider metadata, which will be later uploaded to LogicalDOC to finish SAML configuration.

1. In JumpCloud go to SSO Applications and here click on the LogicalDOC entry

2. Open the SSO tab and click on Export Metadata

   

3. Go to LogicalDOC in Administration > Security > SAML Single Sign-On and upload the Identity Provider Metadata file into the field IdP metadata.

   Click on Save button to confirm all.

Test the login

In order to test if all was correctly configured, you may try to initiate a login from LogicalDOC acting as the Service Provider.

1. Go to LogicalDOC in Administration > Security > SAML Single Sign-On and copy the link of the Login field (it is the base URL of LogicalDOC followed by /saml/login).
2. Open a different browser and paste the URL and you should be redirected to the JumpCloud login page.
3. Here, enter the credentials of a user in your JumpCloud platform, and you should be logged directly into LogicalDOC.