Jumpcloud Self Serve SSO Steps - SAML

Open the ORG:your-org menu on the top and go to Organization Details.

Select the Authentication tab.

Use the Add Identity Provider list on the right to add a SAML 2.0 identity provider connection.

Add a Connection Name, for example, JumpCloud SAML.

Copy SingleStore’s Service Provider Configuration and store it in a file with a .xml extension

In the JumpCloud Admin console, select SSO under User Authentication.

Select Get Started or +Add New Application.

Select Custom SAML App at the bottom of the screen.

Fill in the details:

• Display Label as SingleStore or  SingleStore SAML.

• Select Logo and upload a SingleStore logo.

Unselect Show this application in User Portal because IdP-initiated login is not yet supported for SAML.

Select the SSO tab at the top.

Select Upload Metadata and upload the saved service provider configuration.

That will fill in some fields like SP Entity ID.

Create an IdP Entity ID. This can be anything. For example, SingleStore-JumpCloud.

Pick a SAMLSubject NameID. This should be consistent for each user. Pick a SAMLSubject NameID Format. Persistence is best but only if the NameID is actually consistent.

Under Login URL, add https://portal.singlestore.com.

Under User Attribute Mapping add:

Select User Groups at the top of the page.

Assign user(s) to the SingleStore application. This can be all the users because SSO is an authentication, not authorization, and assigning users to the application does not grant them access to the SingleStore Helios Portal.

Select Activate at the bottom of the page.

Select Continue

Select the new application.

Select Export Metadata.  That should trigger the download of an XML file.

Scroll down to Identity Provider XML and select Choose file to upload the XML file downloaded from the JumpCloud Admin portal.

Scroll down to Map User Attributes and fill in “email” for email, “firstName” for firstName and “lastName” for lastName.

Select Save.