JumpCloud AuthN
As part of the federation gateway feature, the system can integrate with JumpCloud authentication. In this scenario users are authenticated against JumpCloud, so their passwords do not need to be stored in our system.
JumpCloud authentication is triggered at the login page when the user clicks the JumpCloud icon, or automatically if it is the only provider enabled.
Authentication
Basic configuration
JumpCloud authentication is configured in appsettings.json in the authentication service, under LoginSettings.IdentityProvidersSettings.JumpCloud:
- Enabled: enables this provider. Check the installation guide, as some IT configuration is required before this provider can be used.
- UserPolicies: configures how user matching and sync are performed.
User matching
To log in to our system, the authenticated JumpCloud user must already exist in our system. Users are matched according to the rules defined at LoginSettings.IdentityProvidersSettings.JumpCloud.UserPolicies.MatchingFields. The valid options are:
- Email.
- SsoUsername. Any unique identifier for the user other than the username. It can hold an email address, which may differ from the email address used for the user's notifications.
User sync during authentication
During the matching process, some of the user's properties can be updated using the collections UserPolicies.FieldsToUpdatesWhenNull and UserPolicies.FieldsToUpdatesWhenDifferent. The valid options for updates in both scenarios are:
Option | JumpCloud claim | Sequel's field |
---|---|---|
Username | username | Username |
Email | Email | Email |
FirstName | GivenName | FirstName |
LastName | Surname | LastName |
SsoUsername | Email | SsoUsername |
The default configuration looks like:
```json
"JumpCloud": {
  "Enabled": true,
  "SPEntityId": "_SPEntityID_",
  "X509SigningCertificate": "_signingCertificate_",
  "LoginUrl": "_loginUrl_",
  "UserPolicies": {
    "MatchingFields": [ "Username", "Email" ],
    "FieldsToUpdatesWhenDifferent": [ "FirstName", "LastName" ]
  }
},
```
If UserPolicies is missing, or if any of its properties is null or empty, the following default values apply:
MatchingFields | FieldsToUpdatesWhenDifferent |
---|---|
Username, Email | FirstName, LastName |
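
The matching, sync and default rules described above, modelled as a short Python sketch. This is an added example, not the product's code; it assumes that MatchingFields are tried in order with exact comparison, that matching reads the same claims as the sync table, that a value matching more than one local user is refused, and that FieldsToUpdatesWhenNull has no default.

```python
# Added illustration, not product code. Assumptions: MatchingFields are tried in
# order with exact comparison, matching uses the claim mapping from the sync table,
# an ambiguous match is refused, and FieldsToUpdatesWhenNull defaults to empty.
CLAIM_FOR = {"Username": "username", "Email": "Email", "FirstName": "GivenName",
             "LastName": "Surname", "SsoUsername": "Email"}
DEFAULTS = {"MatchingFields": ["Username", "Email"],
            "FieldsToUpdatesWhenNull": [],
            "FieldsToUpdatesWhenDifferent": ["FirstName", "LastName"]}

def effective_policies(user_policies):
    """Missing, null or empty properties fall back to the defaults."""
    configured = user_policies or {}
    return {key: configured.get(key) or default for key, default in DEFAULTS.items()}

def match_user(claims, users, policies):
    """Return the single local user selected by the first rule that hits, or None."""
    for option in policies["MatchingFields"]:
        value = claims.get(CLAIM_FOR[option])
        if not value:
            continue
        hits = [u for u in users if u.get(option) == value]
        if len(hits) > 1:
            raise LookupError(f"{option} matches {len(hits)} local users")
        if hits:
            return hits[0]
    return None  # unknown user: login is refused

def sync_user(user, claims, policies):
    """Apply both update collections; return the fields that changed."""
    changed = {}
    for option in policies["FieldsToUpdatesWhenNull"]:
        value = claims.get(CLAIM_FOR[option])
        if value and not user.get(option):
            changed[option] = value
    for option in policies["FieldsToUpdatesWhenDifferent"]:
        value = claims.get(CLAIM_FOR[option])
        if value and user.get(option) != value:
            changed[option] = value
    user.update(changed)
    return changed

# Constructed sample data.
USERS = [{"Username": "asmith", "Email": "a.smith@example.test",
          "FirstName": "Ann", "LastName": None, "SsoUsername": None},
         {"Username": "bjones", "Email": "b.jones@example.test",
          "FirstName": "Bob", "LastName": "Jones", "SsoUsername": None}]
CLAIMS = {"username": "ann.smith", "Email": "a.smith@example.test",
          "GivenName": "Anna", "Surname": "Smith"}

if __name__ == "__main__":
    policies = effective_policies(None)
    user = match_user(CLAIMS, USERS, policies)
    print(user["Username"], sync_user(user, CLAIMS, policies))
```

Because an empty collection falls back to its default, setting FieldsToUpdatesWhenDifferent to `[]` in this model does not switch the FirstName and LastName updates off.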