diff --git a/src/assets/images/cloudflare-one/identity/jumpcloud/jumpcloud-saml-2.png b/src/assets/images/cloudflare-one/identity/jumpcloud/jumpcloud-saml-2.png deleted file mode 100644 index 373dfe0bb20c294..000000000000000 Binary files a/src/assets/images/cloudflare-one/identity/jumpcloud/jumpcloud-saml-2.png and /dev/null differ diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx index 593e9d8f5d058f0..c37921fa18d7d1a 100644 --- a/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx +++ b/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx 
@@ -1,93 +1,56 @@ --- pcx_content_type: how-to -title: Jumpcloud (SAML) +title: JumpCloud (SAML) --- -JumpCloud provides [Directory-as-a-Service](https://jumpcloud.com/daas-product/) to securely connect user identities to systems, apps, files, and networks. Cloudflare Access integrates with JumpCloud using the SAML protocol. [This documentation from JumpCloud](https://support.jumpcloud.com/s/article/getting-started-applications-saml-sso2) can help you configure applications within your JumpCloud deployment. +[JumpCloud](https://jumpcloud.com/#platform) provides SSO identity management. Cloudflare Access integrates with JumpCloud as a SAML identity provider. -These steps focus on requirements specific to Cloudflare Zero Trust. +## Set up Jumpcloud as a SAML provider -## Set up Jumpcloud SAML +1. In the [JumpCloud Admin Portal](https://console.jumpcloud.com/#/home), go to **SSO Applications**. -To set up JumpCloud SAML as your identity provider: +2. Select **Add New Application**. -1. Generate a SAML certificate. +3. In the search bar, enter `Cloudflare` and select the **Cloudflare Access** application. - **Tip:** JumpCloud requires that you provide your own certificates for signing SAML assertions. Self-signed certificates are acceptable. +4. Select **Next**. - If you do not have a certificate, this command generates one using OpenSSL: +5. In **Display Label**, enter an application name. - ```sh - openssl genrsa -out samlidp.key 2048 ; openssl req -new -x509 -sha256 -key samlidp.key -out samlidp.crt -days 1095 - ``` +6. Select **Save Application**. - ```sh output - Generating RSA private key, 2048 bit long modulus - .................................................................................+++++ - ......................+++++ - e is 65537 (0x010001) - ``` +7. Review the application summary and select **Configure Application**. 
- When asked to enter a Distinguished Name or a DN to incorporate into your certificate request, you can leave some of these fields blank. Some fields have a default value. Enter a dot (`.`) in the field to leave it blank. For example: +8. In the **SSO** tab, configure the following settings: + 1. In **IdP Entity ID**, enter your Cloudflare team domain: - ```txt - ----- - Country Name (2 letter code) [AU]:. - State or Province Name (full name) [Some-State]:. - Locality Name (eg, city) []:. - Organization Name (eg, company) [Internet Widgits Pty Ltd]:. - Organizational Unit Name (eg, section) []:. - Common Name (e.g. server FQDN or YOUR name) []:JumpCloud SAML IdP - Email Address []: - ``` + ```txt + https://.cloudflareaccess.com/ + ``` + You can find your team name in Zero Trust under **Settings** > **Custom Pages**. -2. In JumpCloud, select **Applications** in the left-side menu. + 2. Set both **SP Entity ID** and **ACS URL** to the following callback URL: -3. Select the + icon at the top-left of the screen to add an application. + ```txt + https://.cloudflareaccess.com/cdn-cgi/access/callback + ``` + 3. Scroll up to **JumpCloud Metadata** and select **Export Metadata**. Save this XML file for use in a later step. -4. Choose the **SAML** option in **Application Types**. +9. In the **User Groups** tab, [assign user groups](https://jumpcloud.com/support/get-started-applications-saml-sso#managing-employee-access-to-applications) to this application. -5. Enter an application name in **Display Label**. +10. Select **Save**. -6. Enter an IdP entity in the **IDP IDENTITY ID** field.The IdP entity can be anything, but must be unique. We suggest you reference something identifiable, such as your Cloudflare team domain (`https://.cloudflareaccess.com/`). +11. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**. -7. At the prompt, enter the IdP private key and IdP certificate you previously generated. +12. 
Under **Login methods**, select **Add new**. -8. Set both the **SP entity ID** and **ACS URL** to the following callback URL: +13. Select **SAML**. - ```txt - https://.cloudflareaccess.com/cdn-cgi/access/callback - ``` +14. Upload your JumpCloud XML metadata file. - You can find your team name in Zero Trust under **Settings** > **Custom Pages**. +15. Select **Save**. -9. Under **SAML SUBJECT NAMEID**, choose **email**. - -10. Set the **SAML SUBJECT NAMEID FORMAT** to: - - ```txt - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - ``` - -11. Under USER ATTRIBUTES enter `email` for the name and `email` for the value. - -12. Leave other settings at default. - -13. Select **save**. Remember to assign this application to users or groups. - - ![JumpCloud Application dialog with group added to application](~/assets/images/cloudflare-one/identity/jumpcloud/jumpcloud-saml-2.png) - -14. In Zero Trust, go to **Settings** > **Authentication**. - -15. Under **Login methods**, select **Add new**. - -16. Select **SAML**. - -17. Input a **Name**, a **Single Sign on URL**, **IdP Entity ID or Issuer URL**, and **Signing Certificate**. - -18. Select **Save**. - -To test that your connection is working, go to **Authentication** > **Login methods** and select **Test** next to the login method you want to test. +You can now [test your connection](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method and SAML attributes. ## Example API configuration
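Review bot: The rewritten step 8 drops the NameID and attribute configuration that the old steps 9 to 11 covered (**SAML SUBJECT NAMEID** = email, NameID format `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`, user attribute `email`), but nothing in the new text states that the prebuilt **Cloudflare Access** application template already sets these; since Access matches users by email, a reader following the new flow has no way to confirm the assertion carries an email NameID. Add a short line under the **SSO** tab step that either says the template presets these values or tells the reader to verify them. Two smaller points: the new heading `## Set up Jumpcloud as a SAML provider` keeps the lowercase `Jumpcloud` that the title change corrects to `JumpCloud`, and the team-name placeholder in both `https://.cloudflareaccess.com/` snippets appears empty as rendered in this diff, so confirm the source still contains the placeholder that `You can find your team name` refers to.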