chore(website): remove JumpCloud references (#10704)

With the refactoring coming up in #6294 we will be dropping production
support for JumpCloud directory sync.

In practice, this likely won't be an issue due to the better ergonomics
/ JIT provisioning that will be offered in the new system.

Related: #2701 
Related: #6294
Related: #3115 
Related: #7834
This commit is contained in:
Jamil
2025-10-24 07:40:51 -07:00
committed by GitHub
parent 0d2ddd8497
commit f39abdfa74
15 changed files with 18 additions and 310 deletions

View File

@@ -11,8 +11,6 @@ import Image from "next/image";
## In this update:
- **New feature:** [Conditional access policies](#conditional-access-policies)
- **New feature:**
[Directory sync support for JumpCloud](#directory-sync-support-for-jumpcloud)
- **Blog post:**
[Using Tauri for a cross-platform security app](/blog/using-tauri)
- **Blog post:**
@@ -138,28 +136,6 @@ Time-based access policies open the door for interesting use cases. For example:
By locking down access to Resources based on the time of day, you add another
tool to your security arsenal to prevent unauthorized access to your Resources.
### Directory sync support for JumpCloud
<Image
src="/images/blog/jun-2024-update/jump_dir_sync.png"
alt="JumpCloud directory sync"
width={400}
height={400}
className="rounded shadow"
/>
In our ongoing effort to make Firezone more accessible to organizations of all
sizes, we've added support for syncing your JumpCloud directory with Firezone.
This integration leverages JumpCloud's SCIM API to push user and group updates
in real-time as they're made in your JumpCloud account. Set up takes only a few
minutes, and once it's done, you can manage access to your Resources in Firezone
using your JumpCloud groups, just like you would with any other identity
provider.
Like other providers, JumpCloud directory sync is available on our Enterprise
plan to ensure we can provide a smooth setup and support experience.
### Blog posts
- [Using Tauri for a cross-platform security app](/blog/using-tauri): Our
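Review bot: Removing the "Directory sync support for JumpCloud" section edits a dated product update after the fact, so readers of this post lose the record that the feature shipped and get no hint that it was later dropped. Consider keeping the section and adding a one-line deprecation notice instead. If the section does go, `/images/blog/jun-2024-update/jump_dir_sync.png` should be deleted with it, since none of the hunks shown here removes that asset.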

View File

@@ -117,9 +117,6 @@ export default function Posts() {
<li>
<strong>New feature:</strong> Conditional access policies
</li>
<li>
<strong>New feature:</strong> Directory sync support for JumpCloud
</li>
<li>
<strong>Blog post:</strong>{" "}
<Link

View File

@@ -9,13 +9,11 @@ import SupportOptions from "@/components/SupportOptions";
</PlanBadge>
Firezone supports automatic directory sync from Google Workspace, Microsoft
Entra ID, Okta, and JumpCloud. This feature is **automatically enabled** when
you create one of the [Google Workspace](/kb/authenticate/google),
Entra ID, and Okta. This feature is **automatically enabled** when you create
one of the [Google Workspace](/kb/authenticate/google),
[Microsoft Entra](/kb/authenticate/entra), or [Okta](/kb/authenticate/okta)
connectors. For the [JumpCloud connector](/kb/authenticate/jumpcloud), a final
setup step is required after creating the connector to activate JumpCloud's SCIM
API. Once the connector is activated, users, groups, and organizational units
will be synced from your identity provider every few minutes.
connectors. Once the connector is activated, users, groups, and organizational
units will be synced from your identity provider every few minutes.
## Role mapping
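Review bot: The reworded paragraph says sync is "automatically enabled" when a connector is created and then continues with "Once the connector is activated", which was wording for the JumpCloud SCIM activation step being removed here. With that step gone there is no separate activation, so consider "Once the connector is created, users, groups, and organizational units will be synced ..." to avoid implying a manual step for the remaining providers.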

View File

@@ -14,8 +14,7 @@ This connector is enabled by default for all plans and is designed to get you up
and running with Firezone quickly. For production deployments, we recommend
setting up [Universal OIDC](/kb/authenticate/oidc),
[Google Workspace](/kb/authenticate/google),
[Microsoft Entra ID](/kb/authenticate/entra), [Okta](/kb/authenticate/okta), or
[JumpCloud](/kb/authenticate/jumpcloud) authentication.
[Microsoft Entra ID](/kb/authenticate/entra), or [Okta](/kb/authenticate/okta).
Firezone's OTP-based email authentication connector sends a one-time password to
the user's email each time authentication is requested. This password is
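Review bot: The new last line of the recommendation drops the trailing noun. The sentence used to end with "authentication." after the JumpCloud link and now stops at "or [Okta](/kb/authenticate/okta).", so it reads "we recommend setting up Universal OIDC, Google Workspace, Microsoft Entra ID, or Okta". Suggest ending the line with "or [Okta](/kb/authenticate/okta) authentication." to keep the original meaning.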
@@ -24,9 +23,8 @@ short-lived and can only be used to authenticate once.
<Alert color="warning">
User / group sync is **not supported** with the Email (OTP) connector. See the
[Google Workspace](/kb/authenticate/google), [Microsoft Entra
ID](/kb/authenticate/entra), [Okta](/kb/authenticate/okta), or
[JumpCloud](/kb/authenticate/jumpcloud) connectors for automatic directory
sync.
ID](/kb/authenticate/entra), or [Okta](/kb/authenticate/okta) connectors for
automatic directory sync.
</Alert>
## Disabling email authentication

View File

@@ -1,6 +0,0 @@
"use client";
import Content from "./readme.mdx";
export default function _Page() {
return <Content />;
}

View File

@@ -1,11 +0,0 @@
import _Page from "./_page";
import { Metadata } from "next";
export const metadata: Metadata = {
title: "JumpCloud Authentication • Firezone Docs",
description: "Firezone Documentation",
};
export default function Page() {
return <_Page />;
}
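Review bot: Deleting this page removes the `/kb/authenticate/jumpcloud` route, and nothing in the visible hunks adds a redirect, so existing bookmarks and external links to the guide will 404. Suggest adding a redirect to `/kb/authenticate/oidc`, which the removed guide itself describes as a similar setup process.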

View File

@@ -1,226 +0,0 @@
import Alert from "@/components/DocsAlert";
import PlanBadge from "@/components/PlanBadge";
import SupportOptions from "@/components/SupportOptions";
import Image from "next/image";
import Link from "next/link";
<PlanBadge plans={["starter", "team", "enterprise"]}>
# SSO with JumpCloud
</PlanBadge>
Firezone integrates with [JumpCloud](https://www.jumpcloud.com) using a custom
connector that supports both authentication and directory sync. Use this guide
if you're looking to setup SSO with JumpCloud for your Firezone account and
optionally sync users and groups from JumpCloud to Firezone.
<Alert color="info">
Directory sync is supported for the **Enterprise** plan only.
</Alert>
## Overview
The JumpCloud connector uses OpenID Connect for authentication and JumpCloud's
SCIM API to optionally support directory sync on Enterprise plans.
When directory sync is enabled, users and groups are synced every few minutes to
ensure that your Firezone account remains up-to-date with the latest identity
data from JumpCloud. [Read more](/kb/authenticate/directory-sync) about how sync
works.
## Setup
Setting up the JumpCloud connector is similar to the process of setting up a
universal OIDC connector. The main difference is omission of the
`Discovery Document URI` configuration field, as this is the same for all
JumpCloud tenants.
Follow the steps below to setup the JumpCloud connector.
### Step 1: Start the JumpCloud provider setup in Firezone
In your admin portal, go to `Settings -> Identity Providers` and click
`Add Identity Provider`. Then, select `JumpCloud` from the list of identity
providers.
You'll be shown a summary of the steps you need to complete to setup the
JumpCloud provider. Keep this page open as you'll need to refer to it in the
following steps.
### Step 2: Create a new SSO application in JumpCloud
[Login to your JumpCloud admin portal](https://console.jumpcloud.com/login),
click **SSO Applications** and then **+ Add New Application**.
<Link
href="/images/kb/authenticate/jumpcloud/1-add-application.png"
target="_blank"
>
<Image
src="/images/kb/authenticate/jumpcloud/1-add-application.png"
alt="SSO Applications"
width={1200}
height={1200}
/>
</Link>
Select **Custom Application** and click **Next**.
<Link
href="/images/kb/authenticate/jumpcloud/2-custom-application.png"
target="_blank"
>
<Image
src="/images/kb/authenticate/jumpcloud/2-custom-application.png"
alt="Custom Application"
width={1200}
height={1200}
/>
</Link>
On the next screen, ensure **Manage Single Sign-On** is selected, and select the
**Configure SSO with OIDC** option.
Optionally, select **Export users to this app (Identity Management)** if you
plan to set up directory sync for this connector.
Click **Next**.
<Link
href="/images/kb/authenticate/jumpcloud/3-select-options.png"
target="_blank"
>
<Image
src="/images/kb/authenticate/jumpcloud/3-select-options.png"
alt="Select options"
width={1200}
height={1200}
/>
</Link>
On the next screen, enter `Firezone` for the **Display Label**.
Choose **Logo** for the User Portal Image and use this link to download an
appropriate logo to use for the app registration:
- [https://www.firezone.dev/images/kb/authenticate/jumpcloud/jumpcloud-oauth-screen-logo.png](https://www.firezone.dev/images/kb/authenticate/jumpcloud/jumpcloud-oauth-screen-logo.png)
Then click **Next**.
<Link
href="/images/kb/authenticate/jumpcloud/4-configure-application.png"
target="_blank"
>
<Image
src="/images/kb/authenticate/jumpcloud/4-configure-application.png"
alt="Configure application"
width={1200}
height={1200}
/>
</Link>
On the following screen, select the **User Groups** tab and choose which users
you'd like to grant access to Firezone.
<Link
href="/images/kb/authenticate/jumpcloud/5-select-user-groups.png"
target="_blank"
>
<Image
src="/images/kb/authenticate/jumpcloud/5-select-user-groups.png"
alt="Select user groups"
width={1200}
height={1200}
/>
</Link>
Next, go back to the **SSO** tab and copy the two **Redirect URIs** shown in the
setup page from the Firezone admin portal and paste them here.
Use [https://app.firezone.dev/](https://app.firezone.dev) for the **Login URL**.
Then, under **Attribute Mapping**, make sure **Email** and **Profile** are both
checked under **Standard Scopes**. Leave the mappings as they are.
Then, click **Activate**.
<Link
href="/images/kb/authenticate/jumpcloud/6-enter-redirect-uris.png"
target="_blank"
>
<Image
src="/images/kb/authenticate/jumpcloud/6-enter-redirect-uris.png"
alt="Enter redirect URIs"
width={1200}
height={1200}
/>
</Link>
You should now see a screen that says **Application Saved** with the **Client
ID** and **Client Secret**.
<Link
href="/images/kb/authenticate/jumpcloud/7-copy-client-details.png"
target="_blank"
>
<Image
src="/images/kb/authenticate/jumpcloud/7-copy-client-details.png"
alt="Enter redirect URIs"
width={1200}
height={1200}
/>
</Link>
**Important**: Make sure to save the `Client ID` and `Client Secret` fields in a
safe place as they won't be shown again.
### Step 3: Finish setting up the JumpCloud provider in Firezone
Go back to the setup page in the Firezone admin portal and enter the `Client ID`
and `Client Secret` values you copied from the JumpCloud application in the
previous step.
Then, click **Connect Identity Provider**.
If you get successfully redirected back to your Firezone admin portal, you're
done! Your JumpCloud connector is now ready to authenticate users.
If you'd like to enable directory sync, keep reading below.
<PlanBadge plans={["enterprise"]}>
### Step 4: Enable directory sync (optional)
</PlanBadge>
To enable directory sync, go to the JumpCloud provider you just created in the
Firezone admin portal. Click the **Setup Sync** button in the **Sync Status**
section of the **Details** pane.
You'll be taken through a detailed step-by-step guide to set up SCIM 2.0 with
JumpCloud. Make sure to follow the instructions carefully to ensure that the
sync is set up correctly.
<Alert color="warning">
**Note**: Firezone uses [WorkOS](https://workos.com) behind the scenes to
connect to JumpCloud's SCIM API. When setting up the SCIM integration, you'll
be taken through WorkOS's setup flow hosted from the `setup.workos.com`
domain. This is completely normal. You **do not** need to create a WorkOS
account for this to function.
</Alert>
Once directory sync is enabled, users and groups will be synced every few
minutes to ensure that your Firezone account remains up-to-date with the latest
identity data from JumpCloud.
<Alert color="info">
Synced users will be assigned the `User` role by default, allowing them access
to sign in from the Firezone Client only. If you need to grant access to the
admin portal, you need to manually promote the user to the `Admin` role by
visiting `Actors -> <actor name> -> Edit User` and updating their role.
</Alert>
<SupportOptions />
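Review bot: The commit message says production support "will be" dropped with the upcoming refactor, so deleting the whole guide now leaves accounts that still run a JumpCloud connector without reference material, including the note about the `setup.workos.com` flow and the fact that synced users get the `User` role by default. Consider keeping the page with a deprecation `<Alert color="warning">` at the top until the feature is actually removed. Separately, the screenshots under `/images/kb/authenticate/jumpcloud/` referenced in this file are not deleted by any hunk shown and would be left orphaned.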

View File

@@ -127,10 +127,9 @@ the [REST API](/kb/reference/rest-api) to create groups programmatically.
<Alert color="info">
If you're using the [Google Workspace](/kb/authenticate/google), [Microsoft
Entra](/kb/authenticate/entra), [Okta](/kb/authenticate/okta) connectors, or
[JumpCloud](/kb/authenticate/jumpcloud) connectors, users and groups are
automatically synced from your identity provider and do not need to be created
manually.
Entra](/kb/authenticate/entra), or [Okta](/kb/authenticate/okta) connectors,
users and groups are automatically synced from your identity provider and do
not need to be created manually.
</Alert>
<SupportOptions />

View File

@@ -4,7 +4,7 @@ import { Metadata } from "next";
export const metadata: Metadata = {
title: "Authentication Overview • Firezone Docs",
description:
"Firezone supports Google Workspace, Okta, Microsoft Entra ID, JumpCloud, OIDC, and email authentication methods.",
"Firezone supports Google Workspace, Okta, Microsoft Entra ID, OIDC, and email authentication methods.",
};
export default function Page() {

View File

@@ -15,15 +15,13 @@ below for more in-depth guides for each supported provider:
optionally sync users and groups with Microsoft Entra ID.
1. [Okta](/kb/authenticate/okta): Authenticate users and optionally sync users
and groups with Okta.
1. [JumpCloud](/kb/authenticate/jumpcloud): Authenticate users and optionally
sync users and groups with JumpCloud.
1. [OpenID Connect (OIDC)](/kb/authenticate/oidc): Authenticate to any OpenID
Connect provider using a universal OIDC connector.
It's possible to create multiple providers for the Google Workspace, Microsoft
Entra ID, Okta, JumpCloud, and OIDC connectors. This allows you to authenticate
users against multiple providers at the same time, each with different Groups
and Policies applied to them.
Entra ID, Okta, and OIDC connectors. This allows you to authenticate users
against multiple providers at the same time, each with different Groups and
Policies applied to them.
<Alert color="warning">
Disabling the email provider can lock you out of your account in the event

View File

@@ -18,7 +18,7 @@ appropriate name for the group.
<Alert color="info">
Automatic group sync is available for Google Workspace, Microsoft Entra ID,
Okta, and JumpCloud providers with the Enterprise plan. [Read
and Okta providers with the Enterprise plan. [Read
more](/kb/authenticate/directory-sync) about how it works or [contact
sales](/contact/sales) to upgrade.
</Alert>

View File

@@ -13,8 +13,8 @@ Users can be created by going to `Actors -> Add Actor` and then selecting `User`
as the actor type.
<Alert color="info">
Automatic user sync is available for Google Workspace, Microsoft Entra ID,
Okta, and JumpCloud providers with the Enterprise plan. [Read
Automatic user sync is available for Google Workspace, Microsoft Entra ID, and
Okta providers with the Enterprise plan. [Read
more](/kb/authenticate/directory-sync) about how it works or [contact
sales](/contact/sales) to upgrade.
</Alert>

View File

@@ -274,7 +274,7 @@ export default function Page() {
<li className="flex space-x-2.5">
<FaCheck className="mt-0.5 flex-shrink-0 text-primary-450 w-4 h-4" />
<span className="leading-tight">
Directory sync for Google, Entra ID, Okta, and JumpCloud
Directory sync for Google, Entra ID, and Okta
</span>
</li>
<li className="flex space-x-2.5">

View File

@@ -369,18 +369,6 @@ export default function PlanTable() {
<FaCheck className="mx-auto flex-shrink-0 w-5 h-5 text-neutral-900" />
</td>
</tr>
<tr className="border-b border-1 border-neutral-200">
<td className="gmx-1 py-4">
<Tooltip content="Automatically sync users and groups from JumpCloud to Firezone">
JumpCloud directory sync
</Tooltip>
</td>
<td className="font-semibold gmx-1 py-4 text-center">&#8212;</td>
<td className="font-semibold gmx-1 py-4 text-center">&#8212;</td>
<td className="gmx-1 py-4">
<FaCheck className="mx-auto flex-shrink-0 w-5 h-5 text-neutral-900" />
</td>
</tr>
<tr>
<td
colSpan={4}

View File

@@ -44,9 +44,6 @@ export default function KbSidebar() {
<SidebarItem href="/kb/authenticate/okta">
SSO with Okta
</SidebarItem>
<SidebarItem href="/kb/authenticate/jumpcloud">
SSO with JumpCloud
</SidebarItem>
<SidebarItem href="/kb/authenticate/oidc">
SSO with Universal OIDC
</SidebarItem>