JumpCloud Self Serve SSO Steps - OIDC

The following steps have to be executed in the SingleStore Helios Portal and the JumpCloud Admin portal sequentially.

In the SingleStore Helios Portal

  1. Open the ORG:your-org menu on the top and go to Organization Details.

  2. Select the Authentication tab.

  3. Use the Add Identity Provider list on the right to add a SAML 2.0 identity provider connection.

  4. Add a Connection Name, for example, JumpCloud OIDC.

In the JumpCloud Admin Portal

  1. In the JumpCloud Admin console, select SSO under User Authentication.

  2. Select Get Started or +Add New Application.

  3. In the Create New Application Integration screen, scroll down to Custom Application, select it, and then select Next.

  4. Select Manage Single Sign-On (SSO) then Configure SSO with OIDC and select Next.

  5. Fill in the details:

    • Display Label as SingleStore or SingleStore OIDC.

    • Select User Portal Image and upload a SingleStore icon, and select Next.

  6. Proceed to Configure Application.

  7. General Info should already be filled out by this point, so move on to the SSO tab.

  8. Under Endpoint Configuration select Refresh Token such that both Authorization Code and Refresh Token are selected.

  9. Under Client Authentication Type select Public (None PKCE).

  10. Scroll down to Attribute Mapping (optional).

  11. Select both Email and Profile under Standard Scopes.

  12. From the SingleStore Helios Portal copy:

    • Login Redirect URLs to Redirect URLs

    • Login Initiation URI to Login URL.

  13. Select User Groups at the top of the page.

  14. Assign user(s) to the SingleStore application. This can be all users, because SSO provides authentication, not authorization, and assigning users to the application does not grant them access to the SingleStore Helios Portal.

  15. Select Activate at the bottom of the page.

  16. From the Application Saved popup, select Got It.

In the SingleStore Helios Portal

  1. From the JumpCloud portal copy Client ID to Client ID.

  2. Enter https://oauth.id.jumpcloud.com/ as Issuer.

  3. Enter https://oauth.id.jumpcloud.com/.well-known/openid-configuration as Discovery Endpoint under Connection Settings.

  4. Adjust the scopes to be:

    • openid (cannot edit)

    • offline_access

    • email

    • profile

  5. Add your domain, verify it and activate it.
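The Issuer, Discovery Endpoint, scopes, grant types, and PKCE client type entered above can be cross-checked against the provider's discovery document before the connection is activated. The following is an added example, not SingleStore or JumpCloud code; the function names are hypothetical, and the sample document is constructed so the check runs offline (replace it with the body returned by the Discovery Endpoint).

```python
import json

# Values the steps above tell you to enter in the Helios Portal.
ISSUER = "https://oauth.id.jumpcloud.com/"
DISCOVERY_URL = "https://oauth.id.jumpcloud.com/.well-known/openid-configuration"
SCOPES = {"openid", "offline_access", "email", "profile"}
GRANTS = {"authorization_code", "refresh_token"}

# Constructed sample, not JumpCloud's real metadata; endpoint paths are placeholders.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://oauth.id.jumpcloud.com/",
    "authorization_endpoint": "https://oauth.id.jumpcloud.com/example/auth",
    "token_endpoint": "https://oauth.id.jumpcloud.com/example/token",
    "jwks_uri": "https://oauth.id.jumpcloud.com/example/jwks",
    "scopes_supported": ["openid", "offline_access", "email", "profile"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "code_challenge_methods_supported": ["S256"],
})


def discovery_url_for(issuer):
    """OIDC Discovery: issuer + /.well-known/openid-configuration, no double slash."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(doc_text, issuer=ISSUER):
    """Return a list of findings; an empty list means the metadata fits the setup."""
    doc = json.loads(doc_text)
    findings = []
    # Must match exactly, trailing slash included: it is compared to each ID token's iss.
    if doc.get("issuer") != issuer:
        findings.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    missing = SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        findings.append(f"scopes not advertised: {sorted(missing)}")
    # The spec default when the field is absent is authorization_code + implicit.
    grants = set(doc.get("grant_types_supported", ["authorization_code", "implicit"]))
    if GRANTS - grants:
        findings.append(f"grant types not advertised: {sorted(GRANTS - grants)}")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE S256 not advertised")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            findings.append(f"{key} missing or not https")
    return findings


if __name__ == "__main__":
    print(check_discovery(SAMPLE_DISCOVERY) or "metadata consistent with the steps above")
```

An issuer entered without its trailing slash is reported as a mismatch, which is the same strict comparison applied to the `iss` claim when ID tokens are validated.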

Last modified: August 6, 2024


Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
    cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
    --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
    --bundle undefined \
    --new-bundle-format -
    Verified OK