# JumpCloud Setup

{% hint style="warning" %}
Before continuing, this user should be a JumpCloud admin for the organization, and a SAML Config must be created in the Integration Gateway Environment.
{% endhint %}

### Create the Integration Gateway SSO Application in JumpCloud <a href="#jumpcloudsso-basicsetuphowto-createtheglyuessoapplicationinjumpcloud" id="jumpcloudsso-basicsetuphowto-createtheglyuessoapplicationinjumpcloud"></a>

From the JumpCloud dashboard, select **SSO** from the left-hand navbar and click the **Add New Application** button.

<figure><img src="https://688288018-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1flQ2To8tQpCQWl2Ty9U%2Fuploads%2FxmR5FvSE51Q4QyjUqKaP%2Fimage.png?alt=media&#x26;token=bb50910f-dfc0-4346-8101-e8b756d61343" alt=""><figcaption></figcaption></figure>

At the bottom of the page, click the **Custom SAML App** button.

<figure><img src="https://688288018-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1flQ2To8tQpCQWl2Ty9U%2Fuploads%2FqTa5z4I70HJPmy7e8jB6%2Fimage.png?alt=media&#x26;token=2772b510-30e5-4b52-8819-afcb9800eb03" alt=""><figcaption></figcaption></figure>

Provide a **Display Label**. We recommend something like Integration Gateway **DEV,** Integration Gateway **PROD**, etc. Provide a **Description** if desired.

<figure><img src="https://688288018-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1flQ2To8tQpCQWl2Ty9U%2Fuploads%2FCUquLyr6UqS7gu7Arqhu%2Fimage.png?alt=media&#x26;token=0e0add87-bc23-47f1-ac7f-83c790d50c95" alt=""><figcaption></figcaption></figure>

### Provide Integration Gateway's SAML Metadata to JumpCloud <a href="#jumpcloudsso-basicsetuphowto-provideglyuessamlmetadatatojumpcloud" id="jumpcloudsso-basicsetuphowto-provideglyuessamlmetadatatojumpcloud"></a>

Click the **SSO** tab.

{% hint style="info" %}
The Integration Gateway environment SAML metadata will be required for the next step.

Integration Gateway always serves its metadata at `https://`\[domain]`/sso/saml2/metadata/`. If this user is also a Integration Gateway administrator, the metadata URL will be displayed on the **Admin** site under **SAML Configs**.
{% endhint %}

Click the **Upload Metadata** button and upload the metadata provided by Integration Gateway.

<figure><img src="https://688288018-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1flQ2To8tQpCQWl2Ty9U%2Fuploads%2FIcbB6Ntz0fVUU7oUtuKc%2Fimage.png?alt=media&#x26;token=77043777-5299-4b55-91ab-a14de926570e" alt=""><figcaption></figcaption></figure>

Provide a custom **IdP Entity ID**. Any unique value will do.

<figure><img src="https://688288018-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1flQ2To8tQpCQWl2Ty9U%2Fuploads%2FwaPRYlfP4SeZs1xdlQnW%2Fimage.png?alt=media&#x26;token=d84656c4-18e4-4940-a528-6311c159fdfc" alt=""><figcaption></figcaption></figure>

### Add Users <a href="#jumpcloudsso-basicsetuphowto-addusers" id="jumpcloudsso-basicsetuphowto-addusers"></a>

On the **User Groups** tab users/groups can be assigned to the application. Only assigned users/groups will be able to authenticate with Integration Gateway via JumpCloud.

<figure><img src="https://688288018-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1flQ2To8tQpCQWl2Ty9U%2Fuploads%2FQzF3cRJRRgt8ANEkiyjq%2Fimage.png?alt=media&#x26;token=b742307f-2ae7-452c-87a8-be4b90e9d8a1" alt=""><figcaption></figcaption></figure>

Add the desired users/groups for the organization. This can also be done later.

### Activate the SSO App <a href="#jumpcloudsso-basicsetuphowto-activatethessoapp" id="jumpcloudsso-basicsetuphowto-activatethessoapp"></a>

Click **Activate** at the bottom of the screen.

Back in **Configured Applications**, select the new SSO App and click **Export Metadata.**

<figure><img src="https://688288018-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F1flQ2To8tQpCQWl2Ty9U%2Fuploads%2FtoG5ptq9dh0NpwkfGChc%2Fimage.png?alt=media&#x26;token=532ab4f8-af95-4c14-9318-98cf4f08ebc7" alt=""><figcaption></figcaption></figure>

An XML file should be downloaded. This file will be needed on the Integration Gateway side in order to add JumpCloud as an IdP, which is the last step. If not a Integration Gateway admin, please provide this file to a Sandbox Banking employee.

{% hint style="warning" %}

### Lastly… <a href="#azuresso-basicsetuphowto-lastly..." id="azuresso-basicsetuphowto-lastly..."></a>

Don’t forget to assign users or groups to the new application- otherwise they won’t be able to authenticate with Integration Gateway via SSO.
{% endhint %}