Skip to main content

JumpCloud SSO

In this guide, you’ll learn how to set up JumpCloud in Coalesce.

JumpCloud Administrator

You must be a JumpCloud Administrator to complete this process.

Before You Begin

Check Your Subdomain

You'll need to make sure you have a subdomain for Coalesce.

Your subdomain is the subdomain of your Coalesce instance. For example, if you login at https://testapp.app.coalescesoftware.io/. Your subdomain is testapp. You can also check your subdomain by going to your organizations single sign-on settings.

If the Subdomain box in your settings is blank, you need to create a subdomain for your organization.

Single Sign-On configuration form header showing Authority and Subdomain fields with Other selected

JumpCloud Setup

  1. In the JumpCloud console, under User Authentication, click SSO Applications > Add New Application.

  2. Select Custom Application from the list.

    The image shows the JumpCloud interface for creating a new application integration. It highlights the selection of a custom application and displays integration options, including SSO with OIDC, SSO with SAML, user import/export, and URL bookmark.
  3. Enable Manage Single Sign-On(SSO) and select Configure SSO with OIDC.

    The image shows the JumpCloud interface for creating a new application integration, where the Manage Single Sign-On (SSO) feature is selected. The user has chosen to configure SSO with OIDC, while the Import users from this app (Identity Management) option is not selected.
  4. Enter the Display Label and any other information you want about the app. Make sure Show this application in User Portal is checked.

  5. On the Configure Your Application screen, enter the Redirect URL or callback URI and the Login URL. The subdomain is the one you created for Coalesce in the SSO config.

    1. Callback: https://yoursubdomain.app.coalescesoftware.io/login/callback
    2. Login: https://yoursubdomain.app.coalescesoftware.io/login
  6. Set Client Authentication Type to Public (None PKCE).

    The image shows the JumpCloud interface for configuring SSO settings during application integration. It displays a Redirect URI field with a URL provided, a Client Authentication Type set to Public (None PKCE), and a Login URL field where users are required to enter the URL needed for users to log into the application.
  7. Scroll down and enable Attribute Mapping for both email and profile. This allows Coalesce to receive the email address and name so the account can be set up. The defaults can be left as is.

    The image shows JumpCloud SSO settings, specifically the email and profile mapping
  8. Click Activate. After activating, you'll get a popup with the Client ID you'll use in the Coalesce SSO configuration.

    Image showing JumpCloud SSO Client ID and Secret.

Coalesce SSO Configuration

  1. Log into Coalesce as the Org Admin and go to Single Sign-On.

  2. Enter in the following information:

    1. Authority: Other
    2. Subdomain: The one you created during "Before You Begin."
    3. Authorization Server: https://oauth.id.jumpcloud.com
    4. OIDC Client ID: The Client ID from JumpCloud.
    The image shows the Org Settings page in Coalesce's interface, specifically the Single Sign-On configuration section. It includes fields for Authority, Subdomain, Authorization Server, and OIDC Client ID, along with an option to enable Server-Side Authorization.
  3. Logout and go to your Coalesce login page, for example https://testapp.app.coalescesoftware.io/.

  4. Click the Single Sign-On button to login. You'll be redirected to the JumpCloud login page if not logged in already, otherwise you will be logged in straight away.