refresh JumpCloud IdP

Author: ranbel

src/assets/images/cloudflare-one/identity/jumpcloud/jumpcloud-saml-2.png

@@ -1,93 +1,56 @@
 ---
 pcx_content_type: how-to
-title: Jumpcloud (SAML)
+title: JumpCloud (SAML)
 ---
 
-JumpCloud provides [Directory-as-a-Service](https://jumpcloud.com/daas-product/) to securely connect user identities to systems, apps, files, and networks. Cloudflare Access integrates with JumpCloud using the SAML protocol. [This documentation from JumpCloud](https://support.jumpcloud.com/s/article/getting-started-applications-saml-sso2) can help you configure applications within your JumpCloud deployment.
+[JumpCloud](https://jumpcloud.com/#platform) provides SSO identity management. Cloudflare Access integrates with JumpCloud as a SAML identity provider.
 
-These steps focus on requirements specific to Cloudflare Zero Trust.
+## Set up Jumpcloud as a SAML provider
 
-## Set up Jumpcloud SAML
+1. In the [JumpCloud Admin Portal](https://console.jumpcloud.com/#/home), go to **SSO Applications**.
 
-To set up JumpCloud SAML as your identity provider:
+2. Select **Add New Application**.
 
-1. Generate a SAML certificate.
+3. In the search bar, enter `Cloudflare` and select the **Cloudflare Access** application.
 
-   **Tip:** JumpCloud requires that you provide your own certificates for signing SAML assertions. Self-signed certificates are acceptable.
+4. Select **Next**.
 
-   If you do not have a certificate, this command generates one using OpenSSL:
+5. In **Display Label**, enter an application name.
 
-   ```sh
-   openssl genrsa -out samlidp.key 2048 ; openssl req -new -x509 -sha256 -key samlidp.key -out samlidp.crt -days 1095
-   ```
+6. Select **Save Application**.
 
-   ```sh output
-   Generating RSA private key, 2048 bit long modulus
-   .................................................................................+++++
-   ......................+++++
-   e is 65537 (0x010001)
-   ```
+7. Review the application summary and select **Configure Application**.
 
-   When asked to enter a Distinguished Name or a DN to incorporate into your certificate request, you can leave some of these fields blank. Some fields have a default value. Enter a dot (`.`) in the field to leave it blank. For example:
+8. In the **SSO** tab, configure the following settings:
+	1. In **IdP Entity ID**, enter your Cloudflare team domain:
 
-   ```txt
-   -----
-   Country Name (2 letter code) [AU]:.
-   State or Province Name (full name) [Some-State]:.
-   Locality Name (eg, city) []:.
-   Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
-   Organizational Unit Name (eg, section) []:.
-   Common Name (e.g. server FQDN or YOUR name) []:JumpCloud SAML IdP
-   Email Address []:
-   ```
+		```txt
+		https://<your-team-name>.cloudflareaccess.com/
+		```
+		You can find your team name in Zero Trust under **Settings** > **Custom Pages**.
 
-2. In JumpCloud, select **Applications** in the left-side menu.
+	2. Set both **SP Entity ID** and **ACS URL** to the following callback URL:
 
-3. Select the + icon at the top-left of the screen to add an application.
+		```txt
+		https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
+		```
+	3. Scroll up to **JumpCloud Metadata** and select **Export Metadata**. Save this XML file for use in a later step.
 
-4. Choose the **SAML** option in **Application Types**.
+9. In the **User Groups** tab, [assign user groups](https://jumpcloud.com/support/get-started-applications-saml-sso#managing-employee-access-to-applications) to this application.
 
-5. Enter an application name in **Display Label**.
+10. Select **Save**.
 
-6. Enter an IdP entity in the **IDP IDENTITY ID** field.The IdP entity can be anything, but must be unique. We suggest you reference something identifiable, such as your Cloudflare team domain (`https://<your-team-name>.cloudflareaccess.com/`).
+11. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**.
 
-7. At the prompt, enter the IdP private key and IdP certificate you previously generated.
+12. Under **Login methods**, select **Add new**.
 
-8. Set both the **SP entity ID** and **ACS URL** to the following callback URL:
+13. Select **SAML**.
 
-   ```txt
-   https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
-   ```
+14. Upload your JumpCloud XML metadata file.
 
-   You can find your team name in Zero Trust under **Settings** > **Custom Pages**.
+15. Select **Save**.
 
-9. Under **SAML SUBJECT NAMEID**, choose **email**.
-
-10. Set the **SAML SUBJECT NAMEID FORMAT** to:
-
-    ```txt
-    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
-    ```
-
-11. Under USER ATTRIBUTES enter `email` for the name and `email` for the value.
-
-12. Leave other settings at default.
-
-13. Select **save**. Remember to assign this application to users or groups.
-
-    ![JumpCloud Application dialog with group added to application](~/assets/images/cloudflare-one/identity/jumpcloud/jumpcloud-saml-2.png)
-
-14. In Zero Trust, go to **Settings** > **Authentication**.
-
-15. Under **Login methods**, select **Add new**.
-
-16. Select **SAML**.
-
-17. Input a **Name**, a **Single Sign on URL**, **IdP Entity ID or Issuer URL**, and **Signing Certificate**.
-
-18. Select **Save**.
-
-To test that your connection is working, go to **Authentication** > **Login methods** and select **Test** next to the login method you want to test.
+You can now [test your connection](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method and SAML attributes.
 
 ## Example API configuration