Skip to main content

Enabling single sign-on with JumpCloud

Written by Hyperproof Support
Updated over 3 weeks ago

👥 Roles and permissions

  • Only administrators can enable SSO for the organization

📝 Note

This feature is not supported in Hyperproof Gov.

Hyperproof supports single sign-on (SSO) with JumpCloud via SAML. Once SSO is enabled for your organization, users can log in to Hyperproof in one of two ways:

  1. With their JumpCloud credentials using a custom URL specific to your organization.

    • If your organization is in Hyperproof US, an example of a custom URL is: https://luna.hyperproof.app

    • If your organization is in Hyperproof EU, an example of a custom URL is: https://luna.hyperproof.eu

  2. Via IdP-initiated sign-in, i.e., clicking the Hyperproof application on the JumpCloud Applications page. Note that IdP-initiated sign-in might pose a security risk and is therefore not turned on by default.

The first step towards enabling SSO in your organization is to add Hyperproof to your JumpCloud tenant. You’ll need a subdomain, which is provisioned by Hyperproof Support. To get your subdomain, create a support request asking for SSO setup.

📝 Note

If the domain is a .com address, the subdomain is set as the domain without the .com suffix.

If the domain is not a .com address, the subdomain is set as the domain name without the period.

Examples

Domain name

Subdomain

http://acme.com

acme

http://lunabtechnologies.com

lunabtechnologies

http://techstartup.io

techstartupio

http://whitehouse.gov

whitehousegov

📝 Note

If you have SSO enabled and you invite someone to your organization whose email address is not part of your SSO domain, such as external auditors or contractors, they can't log into Hyperproof via the custom URL provided for SSO. These users must log in using the default URL for your Hyperproof instance. Default Hyperproof URLs include:

Step One: Creating a custom Hyperproof application in JumpCloud

Hyperproof is currently in the process of certifying its SAML integration with JumpCloud. Once that certification is complete, a Hyperproof application will be available publicly in the JumpCloud Application Connector Catalog.

Until the application is available in the JumpCloud Application Connector Catalog, it’s necessary to create a custom Hyperproof application in your JumpCloud tenant. The steps below explain how to create the custom application.

  1. Log in to your JumpCloud tenant as an Administrator.

  2. From the left navigation menu, click SSO.

  3. Click the + button, and then click Custom SAML App at the bottom of the page.

  4. Select the General Info tab.

  5. In the Display Label field, enter Hyperproof.

  6. Below Display Option, click Logo.

  7. Upload the Hyperproof logo file. Click here to download the file

  8. Select the SSO tab.

  9. In the IdP Entity field, enter :

    https://jumpcloud.com/MY_HYPERPROOF_SUBDOMAIN

    Replace MY_HYPERPROOF_SUBDOMAIN with the subdomain assigned to your Hyperproof organization.

  10. In the SP Entity ID field, enter:

    urn:auth0:hyperproof:MY_HYPERPROOF_SUBDOMAIN

    Replace MY_HYPERPROOF_SUBDOMAIN with the subdomain assigned to your Hyperproof organization.

  11. In the ACS URL field, enter one of the following:

    If your organization is hosted in Hyperproof US:

    https://signin.hyperproof.app/login/callback?connection=MY_HYPERPROOF_SUBDOMAIN

    If your organization is hosted in Hyperproof EU:

    https://signin.hyperproof.eu/login/callback?connection=MY_HYPERPROOF_SUBDOMAIN

    For all Hyperproof instances, replace MY_HYPERPROOF_SUBDOMAIN with the subdomain assigned to your Hyperproof organization.

  12. Scroll to the Attributes section.

  13. Below User Attribute Mapping, click Add attribute. Add the following:

    Attributes


Name: email

Value: email

Name: given_name

Value: firstname

Name: family_name

Value: lastname

Name: name

Value: username

  1. Select the User Groups tab.

  2. Select one or more groups who will have access to Hyperproof, and then click Activate.

  3. Click Continue.

  4. Locate your new Hyperproof application in the list of SSO applications. Select the checkbox that corresponds with the item, and then click Export Metadata. Copy the contents of the downloaded file to the clipboard. You’ll need this to complete the setup.

Step Two: Configuring JumpCloud in your Hyperproof organization

Once the Hyperproof application has been configured in JumpCloud, you’ll need to add the client ID, client secret, and metadata document URL to the SSO configuration of your Hyperproof organization.

  1. Log in to Hyperproof as an Administrator.

  2. From the left menu, select Settings and then select Authentication.

    📝 Note

    The Authentication tab is not visible until SSO is turned on for your organization. If SSO has been turned on and you don’t see the tab, log out of Hyperproof and then log back in again. If the option is still not visible, please create a support request.

  3. Toggle on Single Sign On (SSO).

    The Authentication window opens.

  4. From the Identity Provider drop-down menu, select JumpCloud.

  5. In the Client Secret field, paste the client secret value you copied in Step 17 of the previous section.

  6. In the Metadata Document URL field, paste the metadata document URL you copied in Step 8 of the previous section.

  7. Click Save.

    Your SSO configuration is now displayed as Pending. A notification is generated and sent to the Hyperproof engineering team who will then complete the last portion of the SSO configuration. You will be notified when the process is complete, in about 1 to 2 business days.

Step Three: Logging in to Hyperproof with SSO

You’ll be able to log in to Hyperproof using your JumpCloud credentials after SSO is fully configured for your Hyperproof organization.

At this point, you’ll have the option to make SSO required. If it’s required, users without a company email address will still be able to log in via Google, Office 365, or email/password. Refer to Requiring SSO for login for more information.

  1. Using your previous credentials, e.g. Google, Office 365, or email/password, log in to Hyperproof.

  2. From the left menu, select Settings and then select Authentication.

  3. At the top of the screen, you will see your organization’s SSO URL. This is the URL that your organization's Hyperproof users will use to log in to Hyperproof.

    org-sso-name.png

  4. Copy the SSO URL to the clipboard.

  5. Log out of Hyperproof by clicking your user icon in the upper-right corner, and then clicking Sign Out.

  6. Paste the SSO URL into a new browser tab and then press Enter.

    You’re redirected to your JumpCloud directory where you can log in with your JumpCloud credentials. Once you’ve provided your JumpCloud credentials, you’ll be logged into Hyperproof automatically.

    If you were able to log in to Hyperproof successfully using SSO, you are ready to share the SSO URL with the other Hyperproof users in your organization.

Troubleshooting

If logging into Hyperproof with SSO does not work, verify the steps in the Step One: Creating a custom Hyperproof application in JumpCloud section above.

It also may help to inspect your SAML settings in JumpCloud. In JumpCloud, from the left navigation menu, click SSO > Hyperproof entry. Select the SSO tab and review the settings. Your settings should look like the following images:


jumpcloud-configs.png



jumpcloud-configs2.png


Related Articles
Enabling single sign-on with a generic SAML identity provider for Hyperproof Gov
Enabling single sign-on with a generic SAML identity provider
Enabling single sign-on with Okta in Hyperproof Gov
Enabling single sign-on with Okta
Enabling single sign-on with Microsoft Entra ID via OIDC
Did this answer your question?