- Generate a public certificate and private key pair.
- In order to successfully complete the integration between JumpCloud and Asana, you must use an administrator account in Asana.
- Asana supports SAML Single Sign-On for Premium Organizations (not for Premium Workspaces.) Please contact Asana support if you need to convert your account from a Workspace to an Organization (at the same cost).
- How to configure User authorization.
Configure the JumpCloud SSO Application
- Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
- Select Applications in the main navigation panel.
- Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, the select 'configure'.
- You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
- Select Upload IdP Private Key and upload the private.pem file generated according to the above prerequisites.
- In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
- (Optional) In the Display Label field, enter a label that will appear beside the Asana logo within the JumpCloud console to guide administrators and users to the connection you have configured.
- Select Activate.
Configure the Service Provider
- Log in to Asana as an administrator.
- Select on your profile photo and select [Organization's Name] Settings from the dropdown menu.
- Select the Administration tab.
- In the
Authenticationsection, select the Members must log in via SAML radio button.
- Ensure that the Members may also log in with email/password checkbox is selected (if desired, you may change this setting once you have tested your single sign-on).
- In the Sign-in page URL field, enter the same IdP URL that you set in the JumpCloud console (if you did not modify the termination of this URL, then enter the default URL:
- In the X.509 Certificate field, paste the contents of your public certificate; cert.pem per the above prerequisites.
- Select Save.
Validate SSO authentication workflows
- Access the JumpCloud User Console at https://console.jumpcloud.com.
- Select the Service Provider icon.
- This should automatically launch and login to the application.
- Navigate to your Service Provider application URL.
- You will be redirected to log in to the JumpCloud User Portal.
- The browser will be redirected back to the application and be automatically logged in.