Important: This article contains out-of-date information. For current application information, see Connecting Applications with JumpCloud Using Pre-Built Connectors.
In order to successfully complete the integration between JumpCloud and Mingle by Thoughtworks, you must use an administrator account in Mingle.
Note 1: Users who do not have a Mingle account prior to attempting SSO for the first time will be provisioned a new, ‘full user’ account at the time of sign in.
Note 2: Once the administrator has saved the SSO configuration in Mingle, users (including the administrator) will only be able to sign in via SSO. To prevent account lockout during testing, we recommend that the configuring administrator sign in to Mingle in a browser separate from the one in which he or she will complete testing. If the SSO configuration fails, the administrator will still have access to the account in the other browser and can modify/disable the configuration.
Note 3: We assume the JumpCloud administrator performing the integration understands the process of generating private keys and public certificates. As an example, the commands below generate a private key and a self-signed certificate on Linux. Please refer to other guidance for generating keys on other operating systems.
Create a private key:
openssl genrsa -out private.pem 2048
Create a public certificate for that private key:
openssl req -new -x509 -key private.pem -out cert.pem -days 1095
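The two commands above, wrapped as an added example (not part of the original JumpCloud article) that also confirms the certificate belongs to the key and is not close to expiry before both files are uploaded. The function names and the certificate subject are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate the key pair from Note 3, then verify it before upload.
# SUBJECT is a constructed placeholder; substitute your own organization details.
SUBJECT="/CN=jumpcloud-mingle-sso.example.com"

generate_pair() {
    # $1 = private key path, $2 = certificate path
    ( umask 077   # the key file is created readable by its owner only
      openssl genrsa -out "$1" 2048 2>/dev/null ) || return 1
    # -subj answers the interactive prompts of the command shown above
    openssl req -new -x509 -key "$1" -out "$2" -days 1095 -subj "$SUBJECT"
}

pair_matches() {
    # $1 = private key, $2 = certificate
    # The certificate belongs to the key only if both carry the same public key.
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

cert_valid_for_days() {
    # $1 = certificate, $2 = days; fails if the certificate expires in that window
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
```

Run `generate_pair private.pem cert.pem && pair_matches private.pem cert.pem` before uploading; `cert_valid_for_days cert.pem 30` can be scheduled later to flag a certificate that needs replacing.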
Step 1 of 2: Configure JumpCloud SSO for Mingle
- Log into the JumpCloud Admin UI at
- Click on the link in the sidenav
- Click on the green icon in the upper left corner and find Mingle in the list
- You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
- In the
https://YOUR_DOMAIN.com (replace YOUR_DOMAIN with your company’s unique domain)
- Click and upload your private key (see Note 3 above)
- Click and upload your public certificate (see Note 3 above)
- In the
https://profile.thoughtworks.com/saml/consume?RelayState=COMPANY_NAME (replace COMPANY_NAME with the company name associated with your Mingle account--if my Mingle instance is located at
https://jumpcloud.mingle.thoughtworks.com, I would replace COMPANY_NAME with
- In the field terminating the , either leave the default value or enter a plaintext string unique to this connector. The value you enter here is relevant to restricting access to this application within JumpCloud (see Note on Tagging below).
- (Optional) In the field, enter a label that will appear beside the Mingle logo within the JumpCloud console to guide administrators and users to the connection you have configured
- Click for Mingle on the right-hand side of the page
- Log in to Mingle as an administrator
- Click and select from the drop-down menu
- Under , click
- Click and upload the file you downloaded from JumpCloud
- Log into the JumpCloud User Console
- Click on the icon
- You should automatically be logged in to Mingle
- In your Web browser, navigate to your Mingle instance (ex:
- If necessary, log into the JumpCloud User Console as the appropriate user
- You should automatically be logged in to Mingle
Note on Tagging: To restrict access to a smaller group of users:
The value terminating the IdP URL (which the administrator sets during configuration) will also serve as part of the
SSO- followed by the value chosen to terminate the IdP URL.
If the entire IdP URL is
https://sso.jumpcloud.com/saml2/ServiceProvider1234, then create a Tag named
SSO-ServiceProvider1234 to restrict access to this connection.
Add users to this Tag who should be given access to Mingle (through this configuration only) via SSO. Any other users who are not in this tag will be denied access. If a Tag to explicitly grant access does not exist, all users in your organization will be authorized to access Mingle through this connection.