JumpCloud

tip

GitGuardian also supports SCIM provisioning for JumpCloud. See the SCIM configuration guide for setup instructions.

1. Log into your JumpCloud Portal as an admin.
2. Select Access -> SSO Applications
3. Click "+ Add New Application"
4. Type "GitGuardian" in the search pane, and select "Create a Custom Integration"
5. Click "Next"
6. Select "Manage Single Sign-on (SSO) and ensure the SAML option is selected
7. Optional: Select "Export users to this app (Identity Management)" if you intend to set up SCIM
8. Click "Next"
9. Add a display label, description, and upload a logo like the one here
10. Click "Save Application"
11. Click "Configure Application"
12. Scroll Down to the IdP Entity ID field and enter a unique string. (E.G.: use uuidgen to make a UUID and use that)
13. Log into GitGuardian as a Manager and navigate to the SSO Setup Page
14. Copy the value of the Service Provider Entity ID field from GitGuardian to the SP Entity ID field in JumpCloud.
15. Copy the value of the Assertion Consumer Service URL field from GitGuardian to the ACS URLs field in JumpCloud.
16. Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress as the value for the SAML Subject NameID Format in JumpCloud.
17. Ensure the Signature Algorithm in JumpCloud is set to RSA-SHA256.
18. Ensure the Sign option in JumpCloud is set to "Assertion and Response"
19. In JumpCloud, map the User Attributes as follows:

    Service Provider Attribute Name	JumpCloud Attribute Name
    first_name	firstname
    last_name	lastname

20. Click "Save"
21. Select "Download Certificate" from the Actions menu.
22. In GitGuardian, check the box verifying you have mapped first_name and last_name.
23. In GitGuardian, place the Entity ID you generated in step 12 in the Entity ID field.
24. Copy the IdP URL from JumpCloud to the Single-Sign-On URL in GitGuardian
25. Upload the text of the certificate you downloaded in step 22 to the X 509 Cert field in GitGuardian.
26. Click Configure in GitGuardian.
27. Optionally: Copy the Login URL from GitGuardian to the Login URL field in JumpCloud and save the change.
    warning

    You can register this SSO login url on the IdP side to enable the SSO flow with one click directly in the IdP interface. However this IdP-Initiated flow carries a security risk and is therefore NOT recommended. Make sure you understand the risks before enabling IdP-initiated SSO.

28. Create a JumpCloud User Group named "All-incidents team" and map your users and SSO application together.
29. SaaS Only: Reserve your SSO Domain.
    tip

    If you are a SaaS client, don't forget to complete the Email domain reservation step to enable automatic SSO discovery and prevent workspace fragmentation.