github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
69335153cedb0328116a51ae27ffc57afa00e97b
firezone/www/docs/authenticate/saml/jumpcloud.mdx
Jamil 69335153ce Remove docs.firezone.dev CNAME (#1418) 
This corresponds to step (1) of #1417
2023-02-09 15:19:19 -08:00

72 lines
5.6 KiB
Plaintext
Raw Blame History

---
title: JumpCloud
sidebar_position: 4
description:
Enforce 2FA/MFA using JumpCloud for users of Firezone's WireGuard®-based
secure access platform. This guide walks through integrating JumpCloud
for single sign-on using the SAML 2.0 connector.
---
# Enable SSO with JumpCloud (SAML 2.0)
:::note
This guide assumes you have completed the prerequisite steps
(e.g. generate self-signed X.509 certificates) outlined [here](/authenticate/saml#prerequisites).
:::
Firezone supports Single Sign-On (SSO) using JumpCloud through the generic SAML 2.0 connector.
This guide will walk you through how to configure the integration.
## Step 1: Create a SAML connector
In the JumpCloud admin portal, create a new App under
the SSO tab. At the bottom of the popup window, click `Custom SAML App`.
After entering your desired value for `Display Label`, click the `SSO` tab,
then use the following configuration values:
| Setting | Value |
| --- | --- |
| IdP Entity ID | Any unique string will work, e.g. `firezone-jumpcloud`. |
| SP Entity ID | This should be the same as your Firezone `SAML_ENTITY_ID`, defaults to `urn:firezone.dev:firezone-app`. |
| ACS URL | This is your Firezone `EXTERNAL_URL/auth/saml/sp/consume/:config_id`, e.g. `https://firezone.company.com/auth/saml/sp/consume/jumpcloud`. |
| SAMLSubject NameID | `email` |
| SAMLSubject NameID Format | Leave at the default. |
| Signature Algorithm | `RSA-SHA256` |
| Sign Assertion | **Checked**. |
| Login URL | This is your Firezone `EXTERNAL_URL/auth/saml/auth/signin/:config_id`, e.g. `https://firezone.company.com/auth/saml/auth/signin/jumpcloud`|
Leave the rest of the settings unchanged, then click the `activate` button at the bottom-right.
Your JumpCloud configuration should now resemble the following:
![JumpCloud SAML](https://user-images.githubusercontent.com/52545545/202558446-128e7484-eda6-429f-b6c1-dbabbf5dc7e3.png)
Now, download the IdP Metadata document by selecting the App you just created
and then clicking the `export metadata` button in the upper-right. You'll need
to copy-paste the contents of this document into the Firezone portal in the next step.
## Step 2: Add SAML identity provider to Firezone
In the Firezone portal, add a SAML identity provider under the Security tab
by filling out the following information:
| Setting | Value | Notes |
| --- | --- | --- |
| Config ID | `jumpcloud` | Firezone uses this value to construct endpoints required in the SAML authentication flow (e.g., receiving assertions, login requests). |
| Label | `JumpCloud` | Appears on the sign in button for authentication. |
| Base URL | Leave unchanged. | |
| Metadata | see note | Copy-paste the contents of the SAML metadata document you downloaded in the previous step from JumpCloud. |
| Sign assertions | Checked. | |
| Sign metadata | Checked. | |
| Require signed assertions | Checked. | |
| Required signed envelopes | **Unchecked.** | |
| Auto create users | Default `false` | Enable this setting to automatically create users when signing in with this connector for the first time. Disable to manually create users. |
Your Firezone configuration should now resemble the following:
![Firezone SAML](https://user-images.githubusercontent.com/52545545/202557853-95246d0e-074c-4d31-ab89-26a3a3a7deda.png)
After saving the SAML config, you should see a `Sign in with JumpCloud` button
on your Firezone portal sign-in page.
Reference in New Issue View Git Blame Copy Permalink