# Jumpcloud Self Serve SSO Steps - SAML

The following steps have to be executed in the SingleStore Helios Portal and the JumpCloud Admin portal sequentially.

## In the SingleStore Helios Portal

1. Open the **ORG:your-org** menu on the top and go to **Organization Details**.

2. Select the **Authentication** tab.

3. Use the **Add Identity Provider** list on the right to add a `SAML 2.0` identity provider connection.

4. Add a **Connection Name**, for example, *JumpCloud SAML*.

5. Copy **SingleStore’s Service Provider Configuration** and store it in a file with a `.xml` extension

## In the JumpCloud Admin Portal

1. In the JumpCloud Admin console, select **SSO** under **User Authentication**.

2. Select  **Get Started** or **+Add New Application.**

3. Selec&#x74;**&#x20;Custom SAML App** at the bottom of the screen.

4. Fill in the details:

   * Display **Label&#x20;**&#x61;s *SingleStore* or  *SingleStore SAML*.
   * Select **Logo** and upload a SingleStore logo.

5. Unselect **Show this application in User Portal** because IdP-initiated login is not yet supported for SAML.

6. Select th&#x65;**&#x20;SSO** tab at the top.

7. Select **Upload Metadata** and upload the saved service provider configuration.

8. That will fill in some fields like **SP Entity ID**.

9. Create an **IdP Entity ID.** This can be anything. For example, *SingleStore-JumpCloud*.

10. Pick a **SAMLSubject NameID**. This should be consistent for each user. Pick a **SAMLSubject NameID Format**. Persistence is best but only if the NameID is actually consistent.

11. Under **Login URL**, add `https://portal.singlestore.com`.

12. Under **User Attribute Mapping** add:
    | Service Provider Attribute Name | JumpCloud Attribute Name |
    | ------------------------------- | ------------------------ |
    | "\<email>"                      | "email"                  |
    | "\<firstName>"                  | "firstName"              |
    | "\<lastName>"                   | "lastName"               |

13. Select **User Groups** at the top of the page.

14. Assign user(s) to the SingleStore application. This can be all the users because SSO is an authentication, not authorization, and assigning users to the application does not grant them access to the SingleStore Helios Portal.

15. Select **Activate** at the bottom of the page.

16. Select **Continue**

17. Select the new application.

18. Select **Export Metadata**.  That should trigger the download of an XML file.

## In the SingleStore Helios Portal

1. Scroll down to **Identity Provider XML** and select **Choose file** to upload the XML file downloaded from the JumpCloud Admin portal.

2. Scroll down to **Map User Attributes** and fill in “email” for email, “firstName” for firstName and “lastName” for lastName.

3. Select **Save**.

***

Modified at: November 26, 2024

Source: [/cloud/security/portal-access/saml/jumpcloud-self-serve-sso-steps-saml/](https://docs.singlestore.com/cloud/security/portal-access/saml/jumpcloud-self-serve-sso-steps-saml/)

(An index of the documentation is available at /llms.txt)