Configure Single Sign-On using Jumpcloud with SAML

Configure Single Sign-On using Jumpcloud with SAML

Product: Thinfinity Workspace
Version: 7 and above

Jumpcloud SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with Jumpcloud and securely access multiple applications. Jumpcloud generates SAML assertions that enable seamless authentication and authorization across integrated services, improving user experience and security.
The purpose of this article is to guide users on how to configure Single Sign-On (SSO) in Thinfinity Workspace, using Jumpcloud SAML as the Identity Provider (IDP).

I. Prerequisites

  • Jumpcloud account with administrative access.
  • Thinfinity Workspace installed and accessible.

II. Configuring Jumpcloud

Create a Jumpcloud Application for Thinfinity Workspace

  • First, log into your Jumpcloud dashboard or create a new account if necessary.
  • Go to the SSO Applications section and click Get Started.

  • Select the Application type, in this case it will be Custom Application. Click Select.

  • Once you have selected the application type, click Next.

  • Select the Manage Single Sign-On (SSO) feature and Configure SSO with SAML as the authorization protocol. Then click Next.

  • Now, in Display Label, provide a name for the app and click Save Application.

  • Here you will see a summary of the options you have selected so far. You can now proceed with the configuration by clicking Configure Application.

  • In the SSO Configuration, complete the IdP Entity ID, SP Entity ID, Default URL and IDP URL fields in this format:
SP Entity ID = https://[MyThinfinityWebsite]:[Port]/
Default URL = https://[MyThinfinityWebsite]:[Port]/SAMLAssertionConsumerService
Take note of these values, as they will be needed to configure SSO in Thinfinity Workspace.
When finished click save.



Obtain Jumpcloud Certificate

  • Now that the application has been created, you should download the Jumpcloud certificate. Go to SSO Applications in the dashboard and select the Thinfinity application.

  • Next, select IDP Certificate Valid in the left pane and click Download certificate. You will need this certificate to configure Thinfinity Workspace.

Configure User Assignments

  • You can create users manually or import them from Active Directory, CSV, or other repositories. Select Users in the dashboard and click the desired option.

  • Then you will activate the users and assign them to different user groups, which you will also create. Select User Groups in the dashboard and click the plus button to create a group.

  • After you create the user group, add previously created users to it. Within the new user group, click Users and assign them.

  • Now go to Applications and click the application you want to assign to this user group. Then click Save.

III. Configuring Thinfinity

Set Up SSO on Thinfinity Workspace

  • Open the Thinfinity Configuration Manager, navigate to the Authentication tab and, below that, select the Methods tab. Then click Add > SAML.

Enter Jumpcloud SAML Details in Thinfinity Workspace

  • Here, you will Name the method and enter the Jumpcloud SAML values that you have previously obtained from the Jumpcloud dashboard, into the appropriate fields on the General tab of the Authentication Method Settings, as shown below:
    • Service Identifier = SP Entity ID (https://[MythinfinityWebsite]:[Port]).
    • Service Certificate File = Path to your certificate‚Äôs file (This is your workspace's site certificate).
    • Service Certificate Password = Password for the certificate above.
    • Identification Entity ID = IdP Entity ID.
    • Single Sign-On Service URL = Identity Provider Single Sign-On URL.
    • Sign-Out URL = This value is optional.
    • Partner Certificate File = Path to the X.509 Certificate you previously downloaded from Jumpcloud.

Configure User Attributes

  • Define which user attributes from Jumpcloud will map to Thinfinity Workspace user accounts. Common attributes include email, name, and groups.
Go to the Mappings tab and in the Authentication ID Mask field, click Add and enter the email address of the Jumpcloud user you want to validate, then press OK. When finished, go to the Associated Permissions field, click Add and search for the user in Active Directory. When finished, click OK and Apply the changes.


IV. Testing the SSO Integration

  • Attempt to log in to Thinfinity Workspace and try the option Sign in with SAML.
Verify that you are redirected to the Jumpcloud login page and can authenticate successfully.


By following these steps, you should be able to integrate Jumpcloud OAuth as the SSO provider for Thinfinity Workspace effectively. Remember to test thoroughly in a non-production environment before deploying to production.
If you have any further inquiries or need additional support, please do not hesitate to reach out to us. Our team is always available to help address any questions or concerns you may have.
    • Related Articles

    • Configure Single Sign-On in using OneLogin with OAuth

      Product: Thinfinity Workspace Versions: 7 and later Introduction In this document, we will walk you through the process of configuring Single Sign-On (SSO) in Thinfinity Workspace, with OneLogin serving as the Identity Provider (IDP). SSO simplifies ...
    • Configure Single Sign-On in using Jumpcloud with OAuth

      Product: Thinfinity Workspace Version: 7 and above Jumpcloud with OAuth provides delegated access control, allowing users to grant limited permissions to third-party applications without sharing credentials. Okta acts as an OAuth provider, issuing ...
    • Configure Single Sign-On in using Okta with SAML

      Product: Thinfinity Workspace Version: 7 and above Okta SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with Okta and securely access multiple ...
    • Configure Single Sign-On in using PingID with SAML

      Product: Thinfinity Workspace Version: 7 and above PingID SAML (Security Assertion Markup Language) enables single sign-on (SSO) by acting as an identity provider (IDP), allowing users to authenticate once with PingID and securely access multiple ...
    • Configure Single Sign-On in using RADIUS

      Product: Thinfinity Workspace Version: 7 and above RADIUS (Remote Authentication Dial-In User Service) is a networking protocol used for centralized authentication, authorization, and accounting (AAA) for remote access services. It enables secure ...