JumpCloud: Setting up SSO via SAML
This article describes how you can set up SSO to Celonis EMS via SAML on JumpCloud.
How to configure SAML SSO via JumpCloud
Go to the JumpCloud admin portal.
Go to "SSO", which can be found under the USER AUTHENTICATION section.
Click "+" to add a new Application.
Click the Custom SAML App button.
Enter the name of the application in the General Info section. In this example: Celonis EMS. Here you can further customize the application (e.g. by uploading a custom icon).
In the Single Sign-On Configuration section, enter the following details:
IdP Entity ID: a unique ID that identifies the application (e.g. celonis-cloud)
SP Entity ID: [customer].[realm].celonis.cloud (e.g. customer1.eu-1.celonis.cloud)
ACS URL: https://[customer].[realm].celonis.cloud/api/auth-handler/saml/callback?client_name=SAML2Client (e.g. https://customer1.eu-1.celonis.cloud/api/auth-handler/saml/callback?client_name=SAML2Client)
SAMLSubject NameID: email
SAMLSubject NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Signature Algorithm: RSA-SHA256
Sign Assertion
Default RelayState: https://[customer].[realm].celonis.cloud/ (e.g. https://customer1.eu-1.celonis.cloud/)
IDP URL: https://sso.jumpcloud.com/saml2/[unique-id] (e.g. https://sso.jumpcloud.com/saml2/celonisems)
Attributes:
email → email
firstName → firstname
lastName → lastname
GROUP ATTRIBUTES:
include group attribute: memberOf
Save the newly created application.
Confirm the dialog box.
You should now see a notification popup and a new entry in the SSO applications list.
Download the IdP Metadata file: expand the Single Sign-On Configuration and click Export Metadata.
Upload the downloaded XML file in the team settings. This completes the configuration.
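A pre-upload check of the exported metadata, as an added example (not part of the original article and not Celonis or JumpCloud code): it builds the SP values from [customer] and [realm] as listed above and verifies that the XML carries the expected IdP Entity ID, IDP URL and a signing certificate. It assumes the export is a standard SAML 2.0 metadata document; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def sp_settings(customer, realm):
    """SP-side values from the steps above, built from [customer] and [realm]."""
    host = f"{customer}.{realm}.celonis.cloud"
    return {
        "sp_entity_id": host,
        "acs_url": f"https://{host}/api/auth-handler/saml/callback?client_name=SAML2Client",
        "relay_state": f"https://{host}/",
    }

def check_idp_metadata(xml_text, idp_entity_id, idp_url):
    """Return the problems found in exported IdP metadata (empty list = OK)."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not an EntityDescriptor"]
    problems = []
    if root.get("entityID") != idp_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}, expected {idp_entity_id!r}")
    sso = root.findall(f"{MD}IDPSSODescriptor/{MD}SingleSignOnService")
    locations = [e.get("Location", "") for e in sso]
    if idp_url not in locations:
        problems.append(f"no SingleSignOnService at {idp_url!r}")
    if any(not loc.startswith("https://") for loc in locations):
        problems.append("a SingleSignOnService Location is not https")
    # "Sign Assertion" is enabled above, so the SP needs the IdP certificate.
    if not any((c.text or "").strip() for c in root.iter(DS + "X509Certificate")):
        problems.append("no signing certificate in metadata")
    return problems

# Constructed sample metadata; the certificate body is a placeholder, not a real cert.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="celonis-cloud">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://sso.jumpcloud.com/saml2/celonisems"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(sp_settings("customer1", "eu-1"))
    idp_url = "https://sso.jumpcloud.com/saml2/celonisems"
    print(check_idp_metadata(SAMPLE, "celonis-cloud", idp_url) or "metadata OK")
```

An empty result means the file matches what was entered in the Single Sign-On Configuration section; any listed problem is worth resolving in JumpCloud before the file is uploaded to the team settings.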