This guide will walk you through the process of integrating JumpCloud with Timus using SAML 2.0 for secure Single Sign-On (SSO). Follow these steps to configure your JumpCloud application and complete the setup within Timus Manager.
1️⃣ Create a New JumpCloud Application
- Sign in to your JumpCloud Admin Console
- In the left menu, go to SSO Applications
- Click + Add New Application
- If it's your first SAML app, click Get Started instead
- Search for and select SAML 2.0
- Click Next, then:
- Display Label: Enter a name
- (Optional) Upload a custom logo
- Click Save Application
2️⃣ Configure Basic SAML Settings
After saving, you will be directed to the app configuration screen.
| JumpCloud Field | Value |
|---|---|
| IdP Entity ID |
Provided automatically by JumpCloud (e.g., https://sso.jumpcloud.com/saml2/timusnetworks)
|
| SP Entity ID | Same as IdP Entity ID |
| ACS URL | https://auth.timuscloud.com/user/external/saml |
| Subject NameID | email |
| NameID Format | urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified |
| Signature Algorithm | RSA-SHA256 |
| Signing Option | Assertion and Response |
✅ JumpCloud uses the Display Label to auto-generate the Identifier. Ensure your app name is unique to avoid conflicts across SDNs in Timus.
3️⃣ Add User Attributes
- Go to the Attributes section
- Click + Add Attribute
- Add the following fields:
| Name | Value |
|---|---|
firstname |
User's first name |
lastname |
User's last name |
4️⃣ Assign Users or Groups
- Navigate to the User Groups tab
- Select the groups who should have access to this SAML application
- Click Save
Only users assigned to this SAML app will be able to authenticate through it.
5️⃣ Configure the Integration in Timus Manager
- Navigate to Settings → Integrations → SAML 2.0 → Manage
- Click Create New and fill in:
| Timus Field | Entra Equivalent |
|---|---|
| Title | e.g., JumpCloud SAML
|
| Identifier |
https://sso.jumpcloud.com/saml2/[app-name] (auto-generated from Display Label) |
| SAML 2.0 Service URL | Same as Identifier |
| X.509 Certificate | Copy the Hex format certificate from the JumpCloud SAML Certificate section |
- (Optional) Enable Require Encrypted Assertions if you’ve configured encryption
- Define Allowed Sites and enable Remote Access if needed
- Click Save
⚠️ Important: Use a Unique Application Name
JumpCloud generates the Identifier based on the application's name. For example, naming your app timusnetworks results in: https://sso.jumpcloud.com/saml2/timusnetworks
❗ This value must be unique across all SDNs.
To avoid conflicts:
- Always choose a unique Display Label
- This ensures proper tenant isolation and prevents login issues
✅ Test the Integration
- Go to JumpCloud User Console
- Sign in as a test user assigned to the SAML app
- Click on the SAML app you just created
- You should be redirected to Timus and signed in without being prompted for credentials again
The first successful login creates the user in Timus. Future sign-ins can occur directly from the Timus Connect application.
Troubleshooting Tips
- Make sure the app name (and thus the Identifier) is unique
- Use Hex format when copying the X.509 certificate
- Ensure the SAML attributes
firstname,lastname, andnameID (email)are included - Verify that the user has been assigned to the SAML application in JumpCloud
- Wait a few minutes after assigning users—JumpCloud may take time to apply changes
Updated
Comments
0 comments
Please sign in to leave a comment.