
JumpCloud SSO

In this guide, you’ll learn how to set up JumpCloud in Coalesce.

JumpCloud Administrator

You must be a JumpCloud Administrator to complete this process.

Before You Begin

Check Your Subdomain

Your subdomain is the subdomain of your Coalesce instance. For example, if you log in at https://testapp.app.coalescesoftware.io/, your subdomain is testapp.

To check whether you already have a subdomain, go to your organization's single sign-on settings.

If you don't have a subdomain, you can add one to the subdomain box. Coalesce will automatically configure your subdomain based on the name entered. Check with your IT team before adding it to your organization's settings.

Single Sign-On configuration form header showing Authority and Subdomain fields with Other selected

JumpCloud Setup

  1. In the JumpCloud console, under User Authentication, click SSO Applications > Add New Application.

  2. Select Custom Application from the list.

    The image shows the JumpCloud interface for creating a new application integration. It highlights the selection of a custom application and displays integration options, including SSO with OIDC, SSO with SAML, user import/export, and URL bookmark.
  3. Enable Manage Single Sign-On (SSO) and select Configure SSO with OIDC.

    The image shows the JumpCloud interface for creating a new application integration, where the Manage Single Sign-On (SSO) feature is selected. The user has chosen to configure SSO with OIDC, while the Import users from this app (Identity Management) option is not selected.
  4. Enter the Display Label and any other information you want about the app. Make sure Show this application in User Portal is checked.

  5. On the Configure Your Application screen, enter the Redirect URL or callback URI and the Login URL. The subdomain is the one you created for Coalesce in the SSO config.

    1. Callback: https://yoursubdomain.app.coalescesoftware.io/login/callback
    2. Login: https://yoursubdomain.app.coalescesoftware.io/login
  6. Set Client Authentication Type to Public (None PKCE).

    The image shows the JumpCloud interface for configuring SSO settings during application integration. It displays a Redirect URI field with a URL provided, a Client Authentication Type set to Public (None PKCE), and a Login URL field where users are required to enter the URL needed for users to log into the application.
  7. Scroll down and enable Attribute Mapping for both email and profile. This allows Coalesce to receive the email address and name so the account can be set up. The defaults can be left as is.

    The image shows JumpCloud SSO settings, specifically the email and profile mapping.
  8. Click Activate. After activating, you'll get a popup with the Client ID you'll use in the Coalesce SSO configuration.

    Image showing JumpCloud SSO Client ID and Secret.

Coalesce SSO Configuration

  1. Open a new window.

  2. Sign in to your Coalesce application using username and password.

  3. Go to Organization Settings > Single Sign-On.

  4. Enter the following information:

    | Field | Description |
    | --- | --- |
    | Authority | The system being used for Single Sign-On. Choose Other. |
    | Subdomain | The one you created during "Before You Begin". |
    | Authorization Server | https://oauth.id.jumpcloud.com |
    | OIDC Client ID | The Client ID from JumpCloud. |
    | Server-Side Authorization (Optional) | Toggle on to add an authorization URL. Use this when the authorization server blocks access to the OpenID configuration or token endpoints. |
    | Authorization Endpoint (Available with Server-Side Authorization) | The authorization URL to redirect to. |

    The image shows the Org Settings page in Coalesce's interface, specifically the Single Sign-On configuration section. It includes fields for Authority, Subdomain, Authorization Server, and OIDC Client ID, along with an option to enable Server-Side Authorization.
  5. Log out and go to your Coalesce login page, for example https://testapp.app.coalescesoftware.io/.

  6. Click the Single Sign-On button to log in. You'll be redirected to the JumpCloud login page if you are not already logged in; otherwise you will be logged in straight away.

If instead of a button you see an error message, check to make sure you correctly entered all the fields in your Coalesce SSO settings. If the problem persists, please reach out to our Support Team.
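When checking the fields, note that OIDC providers compare the redirect URI by exact string match, so a leftover placeholder, an http scheme or a trailing slash is enough to break the login. The script below is an added example, not part of Coalesce or JumpCloud; it rebuilds the callback and login URLs from this guide for a given subdomain and reports where the values you entered differ. The function names and the rule that a subdomain is a single lowercase DNS label are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

BASE_DOMAIN = "app.coalescesoftware.io"                  # from the guide's URLs
AUTHORIZATION_SERVER = "https://oauth.id.jumpcloud.com"  # from the guide's table
# Assumption: the subdomain is a single lowercase DNS label.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def expected_urls(subdomain):
    """Build the callback and login URLs the guide gives for a subdomain."""
    host = f"{subdomain}.{BASE_DOMAIN}"
    return {"redirect": f"https://{host}/login/callback",
            "login": f"https://{host}/login"}


def check_sso_config(subdomain, redirect_uri, login_url, authorization_server):
    """Return a list of problems; an empty list means the values match the guide."""
    if not LABEL.fullmatch(subdomain):
        return ["subdomain: not a single lowercase DNS label"]
    problems = []
    want = expected_urls(subdomain)
    for name, got in (("redirect", redirect_uri), ("login", login_url)):
        if got == want[name]:
            continue
        parts = urlsplit(got)
        if parts.scheme != "https":
            problems.append(f"{name}: scheme is {parts.scheme!r}, expected 'https'")
        elif parts.hostname != urlsplit(want[name]).hostname:
            problems.append(f"{name}: host {parts.hostname!r} does not use subdomain {subdomain!r}")
        else:
            problems.append(f"{name}: {got!r} is not exactly {want[name]!r}")
    if authorization_server != AUTHORIZATION_SERVER:
        problems.append(f"authorization server: expected {AUTHORIZATION_SERVER!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder left in the callback, trailing slash on login.
    for line in check_sso_config(
        "testapp",
        "https://yoursubdomain.app.coalescesoftware.io/login/callback",
        "https://testapp.app.coalescesoftware.io/login/",
        "https://oauth.id.jumpcloud.com",
    ):
        print(line)
```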

Duplicate Accounts After SSO Setup

Separate SSO Account Creation

The creation of a separate SSO account is expected behavior and does not affect your existing basic auth account's permissions.

When you first authenticate using SSO in Coalesce, the system creates a new SSO account separate from your existing basic authentication account. This new SSO account is automatically assigned Org Member permissions by default.

If you previously had admin permissions through your basic auth account, you'll need to update the permissions for your new SSO account. To do this:

  1. Log in using your basic authentication credentials.
  2. Update the permissions for your SSO account.
  3. If you don't have admin access, contact your organization's admin to update the permissions.