# JumpCloud Configuration

{% hint style="info" %}
For a 100% cloud-based integration with JumpCloud, see [Keeper SSO Connect Cloud](https://docs.keeper.io/sso-connect-cloud/)
{% endhint %}

### JumpCloud

JumpCloud instructions for setting up Single Sign On (SSO) with Keeper Security.\
\
As listed in the JumpCloud SSO Prerequisites a public certificate and a private key pair are required. Instructions can be found here:

<https://jumpcloud.com/configure/keeper-and-sso-configuration/>

Log into the JumpCloud Administrator console.

Select the **Applications** tab on the side menu.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6Uv3k1hksfsK-zt1B%2Fsso-step-150b.png?alt=media&#x26;token=b7434bad-dbad-4d4d-a913-371bd826ef7e" alt=""></div>

Next, select the **+** icon in the upper left corner.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6VSMdHWDiv-N3HIxv%2Fsso-step-151b.png?alt=media&#x26;token=14fb4888-2987-4b3d-8823-1625ba279b8a" alt=""></div>

Search for **Keeper** in the Application list search bar. Select Configure on the Keeper Application.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LlEUTNBuOwMiADF6fZH%2F-LlEUUp6VnzrKofAldLj%2Fsso-step-152b.png?alt=media&#x26;token=37764b0e-e74a-4a59-9e68-0290633c7a51" alt=""></div>

Next, on Keeper Application connector page, enter the IDP ENTITY ID:

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6X8DnOIe0MoicUNEE%2Fsso-step-153b.png?alt=media&#x26;token=e1a2aecd-58d5-47dd-a560-a7fb896bb4db" alt=""></div>

The IDP ENTITY ID is a unique, case-sensitive identifier used by JumpCloud for this Service Provider (SP). This value should match the value specified in the **Entity ID** field of the Keeper SSO Connect. Your domain name, SSO Connect server name or IP address are possible examples.\
\
Next, Upload the IdP Private Key (private.pem file) and IDP Certificate (cert.pem file).

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6XIFCDiMY4HLBKD0r%2Fsso-step-154b.png?alt=media&#x26;token=cea417e5-f938-4e8c-90bb-f6c2524e127d" alt=""></div>

In the SP Entity ID field, enter the value found in the Entity ID field of the Service Provider Section from Keeper SSO Connect.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6XOTWiLN94o8JBcey%2Fsso-step-155b.png?alt=media&#x26;token=3293a63b-5240-4183-af28-4e6b43eb07b1" alt=""></div>

In the ACS URL field, enter the value found in the ACS URL field of the Service Provider Section from Keeper SSO Connect.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6XVn6sl30JdSWAauh%2Fsso-step-156b.png?alt=media&#x26;token=41843452-25e1-4ec5-a159-416026948e1a" alt=""></div>

In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector. (i.e. keepersecurity)

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6X_sJKar_Ut1JFJ5Z%2Fsso-step-157b.png?alt=media&#x26;token=603e16a5-1c87-4355-b086-5ed0ef17d006" alt=""></div>

In the Display Label field, enter a label that will appear under the Service Provider logo within the JumpCloud User console. (i.e. Keeper Security)

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6XfwQEI4ucHrqufso%2Fsso-step-158b.png?alt=media&#x26;token=7376a4d4-40ab-4fc9-a9a9-a0b1cb567eda" alt=""></div>

**Note: Keeper SSO Connect expects that the SAML response is signed.  Ensure that JumpCloud is configured to sign SAML responses.**

To complete the configuration, select the **activate** button.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU6TySr1vzFkZfttfAy%2F-LU6XnANjTWVCEgUaycx%2Fsso-step-159b.png?alt=media&#x26;token=f24b521d-3972-4577-8ff4-f38b981090dd" alt=""></div>

Last step is to export the metadata from this connector to import it into the Keeper SSO Connect in Step 8.

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LlEUmTPmEvnhOvcAfAi%2F-LlEUoPcII1lfY8QA4Y0%2Fsso-step-160b.png?alt=media\&token=4dbd9dd4-30c8-401e-b8e5-c385c685a480)

Upload this file into the Keeper SSO Connect interface by dragging and dropping the file into the Setup screen:

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-MYGGHtHxH5f3mPxS6Gq%2F-MYNKhnT5QWdx0WDBAmk%2FScreen%20Shot%202021-04-15%20at%206.41.03%20PM.png?alt=media\&token=f29f39fd-524d-49af-84fa-881606170559)

Select **Save** and Your Keeper SSO Connect setup is now complete!

{% hint style="info" %}

### User Provisioning SSO+SCIM

JumpCloud® supports Automated Provisioning with SCIM (System for Cross Domain Identity Management) which will update and deactivate Keeper user accounts as changes are made in JumpCloud®.  Step-by-Step instructions can be found here,  <https://docs.keeper.io/enterprise-guide/user-and-team-provisioning/jumpcloud-provisioning-with-scim>
{% endhint %}