Enabling Single Sign-On with JumpCloud

Roles and permissions

Only administrators can enable SSO for the organization

Hyperproof supports Single Sign On (SSO) with JumpCloud via SAML. Once SSO is enabled for your organization, users can log in to Hyperproof in one of two ways:

With their JumpCloud credentials using a custom URL that is specific to their organization, e.g. https://luna.hyperproof.app.
Via IdP-initiated sign in, i.e. clicking the Hyperproof application on the JumpCloud Applications page. Note that IdP-initiated sign in might pose a security risk and is therefore not turned on by default.

The first step towards enabling SSO in your organization is to add Hyperproof to your JumpCloud tenant. You’ll need a subdomain, which is provisioned by Hyperproof Support. To get your subdomain, create a support request asking for SSO setup.

Note

If the domain is a .com address, the subdomain is set as the domain without the .com suffix.

If the domain is not a .com address, the subdomain is set as the domain name without the period.

Examples

Domain name	Subdomain
http://acme.com	acme
http://lunabtechnologies.com	lunabtechnologies
http://techstartup.io	techstartupio
http://whitehouse.gov	whitehousegov

Hyperproof is currently in the process of certifying its SAML integration with JumpCloud. Once that certification is complete, a Hyperproof application will be available publicly in the JumpCloud Application Connector Catalog.

Until the application is available in the JumpCloud Application Connector Catalog, it’s necessary to create a custom Hyperproof application in your JumpCloud tenant. The steps below explain how to create the custom application.

Log in to your JumpCloud tenant as an Administrator.
From the left navigation menu, click SSO.
Click the + button, and then click Custom SAML App at the bottom of the page.
Select the General Info tab.
In the Display Label field, enter Hyperproof.
Below Display Option, click Logo.
Upload the Hyperproof logo file. Click here to download the file
Select the SSO tab.
In the IdP Entity field, enter :
```
https://jumpcloud.com/MY_HYPERPROOF_SUBDOMAIN
```
Replace MY_HYPERPROOF_SUBDOMAIN with the subdomain that has been assigned to your Hyperproof organization.
In the SP Entity ID field, enter:
```
urn:auth0:hyperproof:MY_HYPERPROOF_SUBDOMAIN
```
Replace MY_HYPERPROOF_SUBDOMAIN with the subdomain that has been assigned to your Hyperproof organization.
In the ACS URL field, enter:
```
https://signin.hyperproof.app/login/callback?connection=MY_HYPERPROOF_SUBDOMAIN
```
Replace MY_HYPERPROOF_SUBDOMAIN with the subdomain that has been assigned to your Hyperproof organization.
Scroll to the Attributes section.
Below User Attribute Mapping, click Add attribute. Add the following:
Table 1. Attributes
Name: email
Value: email
Name: given_name
Value: firstname
Name: family_name
Value: lastname
Name: name
Value: username
Select the User Groups tab.
Select one or more groups who will have access to Hyperproof, and then click Activate.
Click Continue.
Locate your new Hyperproof application in the list of SSO applications. Select the checkbox that corresponds with the item, and then click Export Metadata. Copy the contents of the downloaded file to the clipboard. You’ll need this to complete the setup.

Once the Hyperproof application has been configured in JumpCloud, you’ll need to add the client ID, client secret, and metadata document URL to the SSO configuration of your Hyperproof organization.

Log in to Hyperproof as an Administrator.
From the left menu, select Settings and then select Authentication.
Note
The Authentication tab is not visible until SSO is turned on for your organization. If SSO has been turned on and you don’t see the tab, log out of Hyperproof and then log back in again. If the option is still not visible, please create a support request.
Toggle on Single Sign On (SSO).
The Authentication window opens.
From the Identity Provider drop-down menu, select JumpCloud.
In the Client Secret field, paste the client secret value you copied in Step 17 of the previous section.
In the Metadata Document URL field, paste the metadata document URL you copied in Step 8 of the previous section.
Click Save.
Your SSO configuration is now displayed as Pending. A notification is generated and sent to the Hyperproof engineering team who will then complete the last portion of the SSO configuration. You will be notified when the process is complete, in about 1 to 2 business days.

You’ll be able to log in to Hyperproof using your JumpCloud credentials after SSO is fully configured for your Hyperproof organization.

At this point, you’ll have the option to make SSO required. If it’s required, users without a company email address will still be able to log in via Google, Office 365, or email/password. Refer to Requiring SSO for login for more information.

Using your previous credentials, e.g. Google, Office 365, or email/password, log in to Hyperproof.
From the left menu, select Settings and then select Authentication.
At the top of the screen you will see your organization’s SSO URL. This is the URL that your organization's Hyperproof users will use to log in to Hyperproof.
Copy the SSO URL to the clipboard.
Log out of Hyperproof by clicking your user icon in the upper-right corner, and then clicking Sign Out.
Paste the SSO URL into a new browser tab and then press Enter.
You’re redirected to your JumpCloud directory where you can log in with your JumpCloud credentials. Once you’ve provided your JumpCloud credentials, you’ll be logged into Hyperproof automatically.
If you were able to log in to Hyperproof successfully using SSO, you are ready to share the SSO URL with the other Hyperproof users in your organization.

In this section:

Name: email	Value: email
Name: given_name	Value: firstname
Name: family_name	Value: lastname
Name: name	Value: username

Enabling Single Sign-On with JumpCloud

Roles and permissions

Note

Note

Search results