jumpcloud scim

ranbel · ranbel · commit b2540b230f65 · 2024-11-14T18:28:04.000-05:00
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx
@@ -3,8 +3,12 @@ pcx_content_type: how-to
 title: JumpCloud (SAML)
 ---
 
+import { Render } from "~/components";
+
 [JumpCloud](https://jumpcloud.com/#platform) provides SSO identity management. Cloudflare Access integrates with JumpCloud as a SAML identity provider.
 
+The following steps are specific to setting up JumpCloud with Cloudflare Access. For more information on configuring JumpCloud SSO application, refer to the [JumpCloud documentation](https://jumpcloud.com/support/integrate-with-cloudflare).
+
 ## Set up Jumpcloud as a SAML provider
 
 1. In the [JumpCloud Admin Portal](https://console.jumpcloud.com/#/home), go to **SSO Applications**.
@@ -34,7 +38,9 @@ title: JumpCloud (SAML)
 		```txt
 		https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback
 		```
-	3. Scroll up to **JumpCloud Metadata** and select **Export Metadata**. Save this XML file for use in a later step.
+	3. (Optional) Configure SAML attributes that you want to send to Cloudflare Access.
+
+	4. Scroll up to **JumpCloud Metadata** and select **Export Metadata**. Save this XML file for use in a later step.
 
 9. In the **User Groups** tab, [assign user groups](https://jumpcloud.com/support/get-started-applications-saml-sso#managing-employee-access-to-applications) to this application.
 
@@ -48,10 +54,51 @@ title: JumpCloud (SAML)
 
 14. Upload your JumpCloud XML metadata file.
 
-15. Select **Save**.
+15. (Optional) Configure [additional SAML options](/cloudflare-one/identity/idp-integration/generic-saml/#optional-configurations).
+
+16. Select **Save**.
 
 You can now [test your connection](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method and SAML attributes.
 
+## Synchronize users and groups
+
+The JumpCloud integration allows you to synchronize user groups and automatically deprovision users using [SCIM](/cloudflare-one/identity/users/scim/).
+
+### 1. Enable SCIM in Zero Trust
+
+<Render
+	file="access/enable-scim-on-dashboard"
+	params={{ idp: "JumpCloud"}}
+/>
+
+### 2. Configure SCIM in JumpCloud
+
+1. In the [JumpCloud Admin Portal](https://console.jumpcloud.com/#/home), go to **SSO Applications**.
+2. Select the Cloudflare application that was created when you [Set up JumpCloud as a SAML provider](/cloudflare-one/identity/idp-integration/jumpcloud-saml/#set-up-jumpcloud-as-a-saml-provider).
+3. Select the **Identity Management** tab.
+4. Make sure that **Enable management of User Groups and Group Membership in this application** is turned on.
+5. Select **Configure**.
+6. In the **Base URL** field, enter the **SCIM Endpoint** obtained from Zero Trust.
+7. In the **Token Key** field, enter the **SCIM Secret** obtained from Zero Trust.
+8. Select **Activate**. You will receive a confirmation that the Identity Management integration has been successfully verified.
+9. Select **Save**.
+
+<Render file="access/verify-scim-provisioning"/>
+
+### Provisioning attributes
+
+Provisioning attributes define the user and group properties that JumpCloud will synchronize with Cloudflare Access. By default, JumpCloud will send the following attributes during a SCIM update event:
+
+| JumpCloud user attribute| Cloudflare Access attribute |
+| ------------------ | ----------------------- |
+| `email` 					 | `email`            |
+| `firstname`        | `givenName`        |
+| `lastname`         | `surname`          |
+
+| JumpCloud group attribute | Cloudflare Access attribute |
+| ------------------ | ----------------------- |
+| `name` 					   | `groups`            |
+
 ## Example API configuration
 
 ```json
