Integrate Jumpcloud SSO with Ezeelogin
Note: SAML is an authentication mechanism for web applications. It's based on web protocols and it cannot be used for user authentication over SSH.
1. Login to Jumpcloud and Add the Application
2. Search for SAML 2.0
3. Change the Display Label and save
4. Select the configure tab and fill in the Application details and activate
IdP Entity ID - Entity ID ( you can find it from ezeelogin GU > Settings > SAML)
SP Entity ID -Entity ID ( you can find it from ezeelogin GU > Settings > SAML)
ACS (Consumer) URL
5. Select the SSO tab from the right panel & Copy the Metadata URL and paste it to Metadata URL on Ezeelogin GUI > Settings > SAML Metadata URL
6. Click on the fetch button, it will auto-fill the SAML setting and SAVE it.
7. Select the user group tab from the left panel, add the user group name, and save it.
8.Add the user by selecting the users tab.
9. Select the SSO applications from left panel and assign the user group to that application
10. Change Web panel Authentication to SAML from Ezeelogin GUI > Settings > General >Authentication
14. You can log in to Ezeelogin shell via Webssh shell or using any SSH client such as Putty or terminal etc.
WebSSH: Click on the 'Open Web SSH Console' icon to SSH via the browser
WebSSH terminal will open like below. Users can navigate the server group with the Up and Down arrow buttons and enter to login into the server.
Native SSH Client: After resetting the password and security code you can SSH to the Ezsh shell (using Terminal or Putty) with the SAML username.
We recommend using the web ssh shell when you are using SAML authentication, which is a lot more convenient as you would not have to worry about the SSH password or the security code for the users.
- Add a different email address for each user. By default, Ezeelogin uses email addresses for creating users.
- If you want to add an existing user in Ezeelogin to SSO, Add the user with the exact username, and email address as follows. (Ezeelogin will verify with the email address of the users by default). Make sure to add the email address for the Ezeelogin Administrator user.
- Saml authentication is not supported for slaves if the URL is IP-based. If you want to authenticate slave using saml you have to use the domain name.
Related Articles: