Set up SCIM with JumpCloud

Automate the provisioning and deprovisioning of JumpCloud users

Prerequisites

Before you set up System for Cross-domain Identity Management (SCIM) for JumpCloud, ensure these requirements are met:
  • You have set up single sign-on (SSO) for an organization in Unity Cloud. You have added, to your SSO setup, the domains whose users you want to automate provisioning for. Unity has validated these domains. Read more about creating an organization and setting up SSO.
  • A JumpCloud instance exists and manages these users.
  • An existing JumpCloud SSO application is set up with Unity SSO.

Provision a service account

Before you configure SCIM, provision a Unity service account:
  1. Go to the Unity Dashboard.
  2. To switch to the organization for which you want to set up SCIM, select your organization name, select Switch organization, and then select an organization.
  3. Go to Administration > Service accounts.
  4. To create a service account, select New.
  5. Enter a name and a description for the service account, and then select Create. Unity creates a service account and displays its details.
  6. Assign the SCIM Authenticator role to the account:
    1. In the Organization Roles section, select Manage Organization Roles.
    2. Set Admin to SCIM Authenticator, and then select Save.
  7. Create keys for the authentication and use of the service account:
    1. In the Keys section, select Add key.
    2. Copy all the key information and keep it. Your Identity Provider (IdP) service requires this information.
Read more about creating a Unity service account in the Unity Services documentation.

Fetch the SCIM connector URL for your organization

  1. On a new tab, go to the Unity Dashboard.
  2. Switch to the organization for which you want to set up SCIM.
  3. Go to Administration > Single sign on.
  4. In the SCIM section, locate the field for the SCIM base connector URL and copy the value. Your IdP service requires this information.

In JumpCloud, turn on SCIM for the provisioning of users

  1. On a new tab, sign in to your JumpCloud admin instance with an admin account.
  2. Go to Access > SSO Applications, and then select your Unity SSO application.
  3. On the Identity Management tab, set this configuration:
    • API type: SCIM API.
    • SCIM version: SCIM 2.0.
    • Authentication method: API Key.
    • Base URL: the SCIM base connector URL that you have copied from Unity Cloud.
    • Authorization header name: Authorization.
    • Authorization header value: the value of the authorization header that you have copied from Unity Cloud. Don't paste the full authorization header, but only the part of the authorization header after the string "Authorization:". The value has this format: Basic <Base64(key ID:secret key)>.
    • Test user email: an email address that isn't currently in Unity or in JumpCloud. This email must be within a domain that you have verified for SSO with Unity.
  4. Select Test Connection.
  5. Don't enable group management.
  6. After your connection has been tested, select Activate.
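
A check for the Authorization header value format described in step 3, as an added example (not Unity or JumpCloud code): it builds the value from a key ID and secret key and flags the mistakes that step warns about, such as pasting the "Authorization:" prefix. The function names and sample credentials are constructed for illustration.

```python
import base64
import binascii

def build_header_value(key_id, secret_key):
    """Value for JumpCloud's 'Authorization header value' field."""
    # Base64 is reversible encoding, not encryption: treat the result as a secret.
    token = base64.b64encode(f"{key_id}:{secret_key}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def check_header_value(value):
    """Return a list of problems in a pasted header value (empty list = OK)."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
        value = value.strip()
    if value.lower().startswith("authorization:"):
        problems.append("includes the 'Authorization:' header name")
        value = value.split(":", 1)[1].strip()
    scheme, _, token = value.partition(" ")
    if scheme != "Basic" or not token:
        problems.append("not of the form 'Basic <token>'")
        return problems
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        problems.append("token is not valid Base64")
        return problems
    key_id, sep, secret = decoded.partition(":")
    if not (sep and key_id and secret):
        problems.append("decoded token is not 'key ID:secret key'")
    elif decoded != decoded.strip():
        problems.append("whitespace encoded with the credentials")
    return problems

if __name__ == "__main__":
    # Constructed sample credentials, not real Unity keys.
    good = build_header_value("example-key-id", "example-secret-key")
    for label, candidate in [
        ("correct value", good),
        ("full header pasted", "Authorization: " + good),
        ("newline encoded", "Basic " + base64.b64encode(
            b"example-key-id:example-secret-key\n").decode("ascii")),
    ]:
        print(label, "->", check_header_value(candidate) or "OK")
```

Run it locally and keep real keys out of shell history and shared terminals, since anyone holding the header value can decode the secret key from it.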

Select JumpCloud users for automated provisioning

  1. In JumpCloud, on the User Groups tab, select the user groups for whom you want to automate provisioning in Unity. Unity automatically provisions the users in the group.
  2. Select Save.

Next steps

Optionally, enforce SCIM provisioning