# Jumpcloud Self Serve SSO Steps - OIDC

The following steps have to be executed in the SingleStore Helios Portal and the JumpCloud Admin portal sequentially.

## In the SingleStore Helios Portal

1. Open the **ORG:your-org** menu on the top and go to **Organization Details**.

2. Select the **Authentication** tab.

3. Use the **Add Identity Provider** list on the right to add a `SAML 2.0` identity provider connection.

4. Add a **Connection Name**, for example, *JumpCloud OIDC*.

## In the JumpCloud Admin Portal

1. In the JumpCloud Admin console, select **SSO** under **User Authentication**.

2. Select **Get Started** or **+Add New Application**.

3. In the **Create New Application Integration** screen, scroll down to **Custom Application**, select it, and then select **Next.**

4. Select **Manage Single Sign-On (SSO) &#x20;**&#x74;hen Configure SSO with OIDC and select `Next`.

5. Fill in the details:

   * Display **Label&#x20;**&#x61;s *SingleStore* or  *SingleStore OIDC*.
   * Select **User Portal Image** and upload a SingleStore icon, and select **Next.**

6. Proceed to **Configure Application**.

7. **General Info** should already be filled out by this point, so move on to the **SSO&#x20;**&#x74;ab.

8. Under **Endpoint Configuration** select **Refresh Token** such that both `Authorization Code` and `Refresh Token` are selected.

9. Under **Client Authentication Type** select `Public (None PKCE)`.

10. Scroll down to **Attribute Mapping (optional).**

11. Select both `Email` and `Profile` under **Standard Scopes**.

12. From the SingleStore Helios Portal copy:&#x20;

    * **Login Redirect URLs** to `Redirect URLs`
    * **Login Initiation URI**. to  **Login URL\***.

13. Select **User Groups** at the top of the page.

14. Assign user(s) to the SingleStore application. This can be all the users because SSO is an authentication, not authorization, and assigning users to the application does not grant them access to the SingleStore Helios Portal.

15. Select **Activate** at the bottom of the page.

16. From the **Application Saved&#x20;**&#x70;opup, select **Got It**.

## In the SingleStore Helios Portal

1. From the JumpCloud portal copy **Client ID** to **Client ID** .

2. Enter `https://oauth.id.jumpcloud.com/` as `Issuer`.

3. Enter `https://oauth.id.jumpcloud.com/.well-known/openid-configuration` as **Discovery Endpoint** under **Connection Settings**.

4. Adjust the scopes to be:

   * `openid` (cannot edit)
   * `offline_access`
   * `email`
   * `profile`

5. [Add your domain](https://docs.singlestore.com/cloud/security/portal-access/identity-provider-connections.md), [verify it](https://docs.singlestore.com/cloud/security/portal-access/identity-provider-connections/#section-idm4545492259355233864600968389.md) and activate it.

***

Modified at: August 6, 2024

Source: [/cloud/security/portal-access/oidc/jumpcloud-self-serve-sso-steps-oidc/](https://docs.singlestore.com/cloud/security/portal-access/oidc/jumpcloud-self-serve-sso-steps-oidc/)

(An index of the documentation is available at /llms.txt)