JumpCloud SSO
Files.com supports Single Sign-On (SSO) integration with JumpCloud via the SAML protocol, enabling users to log in with their JumpCloud credentials without separate usernames or passwords, and supports a secure Service Provider (SP)-initiated SSO flow. JumpCloud acts as the Identity Provider (IdP), centralizing identity management, simplifying access for administrators, and enhancing security with consistent login policies.
Adding Files.com in JumpCloud
After logging in to your JumpCloud account as an administrator, navigate to SSO Applications -> Add New Application, and search for Custom Application. Select it to configure Files.com as a custom SAML application.
In the Create New Application Integration wizard, select all features to be enabled by choosing the Configure SSO with SAML option under Manage Single Sign-On, enter the Display Label as desired, and save the application.
Configure the application using the SAML configuration settings below, leaving the remaining fields at their default values.
Parameter | Value |
---|---|
IdP Entity ID | https://app.files.com/saml/metadata |
SP Entity ID (Audience) | https://app.files.com/saml/metadata |
ACS (Consumer) URL | https://app.files.com/saml/consume |
SAMLSubject NameID | |
Default Relay State (optional) | [SUBDOMAIN].files.com |
Login URL (optional) | [SUBDOMAIN].files.com |
Replace [SUBDOMAIN] with your specific Files.com subdomain. The SAMLSubject NameID in JumpCloud is the user identifier that is sent in a SAML response.
Adding JumpCloud in Files.com
In Files.com, go to the SSO page and select JumpCloud as the SSO provider, then enter the Display Name.
There are three different ways you can connect to JumpCloud, as outlined below. Choosing the correct method depends on your organization's security and compliance requirements.
The Metadata URL is the simplest option, as it automatically handles updates, such as certificate renewals or changes to service provider URLs. For example, if JumpCloud's certificate expires, the Metadata URL will automatically update, while Metadata XML or Certificate Fingerprint requires manual updates. If automatic updates are not required, Metadata XML works well but requires manual intervention when changes occur. Certificate Fingerprint is the most manual option, providing more control over updates but requiring more effort to manage in the long term.
Using Metadata URL
Paste the Metadata URL you copied from JumpCloud into the Metadata URL field.
Using Metadata XML file
If you need to use a metadata XML file to connect to JumpCloud, as a JumpCloud administrator, export the metadata from the SSO page in JumpCloud. In Files.com, select the Metadata XML file option and upload the XML file you exported from JumpCloud.
Using Certificate Fingerprint
If you need to use Certificate Fingerprint to connect to JumpCloud, download the IDP Certificate from the JumpCloud application dashboard. Once the certificate is downloaded to your local machine, run the following command in a terminal to obtain the certificate's fingerprint.
In Files.com, select the Certificate Fingerprint option and paste the fingerprint you obtained from the above command. Also paste the IDP URL you copied from JumpCloud. You can use the same URL for both the SLO endpoint and the SSO endpoint.
Assigning Users
Once you save the changes, the JumpCloud Single Sign-On method will be available when assigning an authentication method for a user in Files.com, and the Sign in with JumpCloud button will be displayed on your site's login page.
It is strongly recommended to keep at least one site administrator with the password option as the authentication method, rather than assigning all to SSO, to prevent being locked out of Files.com in case of IdP or SSO issues.
Provisioning Users Automatically
Files.com supports SCIM provisioning to automate user management via JumpCloud. This integration enables automatic user creation, updating, and deactivation in Files.com based on changes made in JumpCloud. To set up SCIM provisioning, configure the SCIM connector in JumpCloud with Files.com's SCIM endpoint and authentication details. Detailed instructions are available in Files.com's SCIM provisioning documentation.
SCIM Provisioning
SCIM Provisioning allows users to be automatically provisioned in Files.com from JumpCloud.
To enable SCIM provisioning in Files.com, navigate to the advanced settings in the Add/Edit SSO Provider form. Under the Enable automatic user provisioning via SCIM? section, select Token, configure the remaining options, and then click Save. Note that the token will only become available and active after saving the Add/Edit SSO Provider form.
To enable SCIM provisioning in JumpCloud, update the Configuration Settings section under Identity Management using the following details:
Field | Value |
---|---|
API Type | SCIM API |
SCIM Version | SCIM 2.0 |
SCIM Connector Base URL | https://app.files.com/api/scim |
Token Key | Enter the token generated from Files.com |
Test User Email | Use any email address that exists in the JumpCloud directory |
By default, the token expires one year from the date you generated it. You will receive an alert email from Files.com before your SCIM token expires. You can always extend the expiry date of the SCIM provisioning Secret token in Files.com.
To revoke the current token and get a new one, because it was compromised or for any other reason, you can reset the token from Files.com. Edit your JumpCloud provider's settings in Files.com and locate the Reset Token option. Once you reset the token and click Save, a new token will be generated and available for you to copy from the Token text box.
With SCIM enabled, JumpCloud users assigned to Files.com in JumpCloud will automatically be provisioned in Files.com and able to log in via SSO.