JumpCloud: Login with SAML
This feature is only available on a Pro or Scale plan and is not enabled by default. If you’d like to enable this feature, please reach out via the chat in the bottom right corner within Aikido.
If you switch to SAML Login instead of auto-onboarding via your Git provider, team import from GitHub, Bitbucket, or Azure DevOps will no longer work. You will need to manage your teams manually moving forward, either through the Aikido UI or Access Profiles.
Setting up SAML in your account
Step 1. Go to General Settings and click 'Enable SAML Authentication'
Step 2. Copy all details to your identity provider. See steps below.
Continue in JumpCloud
Step 1. Go to User Authentication > SSO Applications in the JumpCloud Admin Portal navigation.
Step 2. Click Add New Application and search for SAML 2.0. Click Next.
Step 3. Choose a Display Label and click Save Application.
Step 4. Click Configure Application.
Step 5. Click on the SSO tab and fill in the following fields:
Idp Entity ID: https://console.jumpcloud.com/<appname>
SP Entity ID: https://app.aikido.dev/saml
ACS URLs - Default URL: https://app.aikido.dev/api/saml/saml_auth?samlClientId=... (as shown in Aikido)
SAMLSubject NameID: email
SAMLSubject NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Signature Algorithm: RSA-SHA256
Default RelayState: you can leave this empty
Step 6. We'll continue in Aikido, but you might as well click Save and come back to this screen.
Go back to Aikido
Fill in the following:
Entity ID / Issuer: https://console.jumpcloud.com/<appname> (make sure this matches what you entered as Idp Entity ID in JumpCloud; if you run into issues with this, see the Troubleshooting section at the bottom)
Single Sign-On URL: as shown in JumpCloud under IDP URL (looks like https://sso.jumpcloud.com/saml2/<appname>)
X.509 Certificate: this can be fetched in different ways. One way is to click Export Metadata in the JumpCloud application config and open the downloaded XML. You'll find your certificate between the ds:X509Certificate tags.
Also fill out the Company Domain so that people can log in without needing the Single Sign-On URL.
Success! People with access to your JumpCloud SAML app will now be able to auto-onboard to your Aikido workspace.
Two options for users to log in using your SAML client
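Because the Entity ID / Issuer and Single Sign-On URL typed into Aikido must match what JumpCloud publishes (the Troubleshooting section below covers the Entity ID case), a small pre-flight check against the Export Metadata XML saves a round of failed logins. This is an added example, not Aikido's or JumpCloud's code; the metadata it parses is constructed sample data with a placeholder certificate, and the function and variable names are my own.

```python
"""Added pre-flight check for the JumpCloud -> Aikido SAML values (not vendor code).
It parses a JumpCloud "Export Metadata" XML and compares it with what was typed
into Aikido. SAMPLE_METADATA is CONSTRUCTED and the certificate is a placeholder.
"""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://console.jumpcloud.com/aikido">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        MIIC-PLACEHOLDER-NOT-A-REAL-CERT
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.jumpcloud.com/saml2/aikido"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Pull out the values the Aikido form asks for from a JumpCloud metadata export."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    cert = idp.findtext("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
    return {
        "entity_id": root.get("entityID"),                      # Idp Entity ID
        "sso_url": idp.find("md:SingleSignOnService", NS).get("Location"),  # IDP URL
        # Aikido wants the bare base64 body, so drop the whitespace inside the tag.
        "certificate": "".join(cert.split()),
        "nameid_formats": [e.text for e in idp.findall("md:NameIDFormat", NS)],
    }

def check_aikido_config(meta, entity_id_in_aikido, sso_url_in_aikido):
    """Return the mismatches that break login; an empty list means both sides agree."""
    problems = []
    if meta["entity_id"] != entity_id_in_aikido:
        problems.append("Entity ID / Issuer in Aikido must equal the JumpCloud Idp Entity ID")
    if meta["sso_url"] != sso_url_in_aikido:
        problems.append("Single Sign-On URL in Aikido must equal the JumpCloud IDP URL")
    if EMAIL_FORMAT not in meta["nameid_formats"]:
        problems.append("JumpCloud must send the NameID in the emailAddress format")
    if not meta["certificate"]:
        problems.append("No X.509 certificate found in the metadata")
    return problems
```

Run it against your real export by replacing SAMPLE_METADATA with the file contents; the check only compares strings and does not validate the certificate itself.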
Option 1. Using SSO Link Directly
Copy the Login Link and share this internally with other users.
Option 2. Going to the Aikido login screen, selecting Login Via SSO and filling in the email address. Important: the email needs to contain the company domain that has been set up.
Troubleshooting
Error
Solution: Make sure the Idp Entity ID is unique. Perhaps you could change it to https://console.jumpcloud.com/<samlClientId>. Note that you'll also need to change it in Aikido under Entity ID / Issuer, as these should match.