How to Configure SSO/SCIM - Jumpcloud
Last updated: May 29, 2025
This guide explains how to integrate JumpCloud with Kula for enabling secure Single Sign-On (SSO) and user provisioning using SCIM.
🔐 SSO Integration with JumpCloud
Supported Features
SAML 2.0 integration
IdP-Initiated and SP-Initiated login support
Manual configuration without domain verification
Steps to Configure SSO in JumpCloud:
Add a New SAML Application:
Go to JumpCloud Admin Portal > SSO > Add New Application
Choose Custom SAML App
Set the Following Parameters:
SP Entity ID: Provided by Kula
ACS URL (Single Sign-On URL): Provided by Kula
IdP Entity ID: Use JumpCloud’s
SAML Subject: Email address
Download Metadata:
JumpCloud provides an XML or metadata URL
Upload Metadata to Kula:
Navigate to Settings > SSO Setup in Kula
Upload the XML file or paste metadata values manually
Assign Users to the App
🔁 SCIM Provisioning with JumpCloud
JumpCloud’s SCIM support is currently more limited than Okta. If SCIM API integration is supported for your JumpCloud plan, follow these steps:
Enable SCIM in Kula:
Go to Settings > SCIM
Generate your SCIM Bearer Token
Configure JumpCloud (if SCIM is available):
Enter:
SCIM Base URL:
https://api.kula.ai/api/saml/scimBearer Token: The token from Kula
Contact JumpCloud support if SCIM is not directly available in your plan.
💡 FAQs
Q1. Is domain verification needed for SSO with JumpCloud?
A: No. Admins securely configure SAML metadata within Kula, so domain verification is not required.
Q2. Does JumpCloud support SCIM?
A: SCIM support may be available for premium plans. Check with JumpCloud support or documentation.
Q3. What happens if the IdP metadata changes?
A: You must update the metadata in Kula to reflect any changes.
🛠 Troubleshooting Use Case
Issue: Users see a "Login Failed" message after attempting SSO
Resolution:
Confirm the JumpCloud certificate hasn't expired
Validate ACS URL and Entity ID match Kula config
Ensure the user is assigned to the SAML application in JumpCloud