[Notification] We're upgrading the JumpCloud Support Center the week of September 30th.

Support Center

Single Sign On (SSO) with SalesForce


  • A public certificate and private key pair are required to successfully connect applications with JumpCloud. After you activate an application, we automatically generate a public certificate and private key pair for you. You can use this pair or upload your own. 
  • Learn how to manage certificates and private keys
  • Learn how to generate a public certificate and private key pair
  • In order to successfully complete the integration between JumpCloud and Salesforce, you must have administrative rights to access configuration settings of the service provider.


  • After you connect an application to JumpCloud, you can connect it to user groups. Users in the groups you connect can access the application through SAML SSO. Learn how to connect user groups to applications.
  • Salesforce SAML configuration details can also be found here. This link is valid as of May 4, 2017. If there are any discrepancies between 'Configure the Service Provider' below and the Salesforce configuration options, assume the Salesforce documentation is correct.

Configure the Service Provider

  1. Log into Salesforce as an Administrator.
  2. From the gear icon at upper right, select Setup.
  3. From the left-hand sidenav, navigate to Settings > Company Settings > My Domain.
  4. Enter a subdomain for your Salesforce account.
  5. Select the Terms and Conditions checkbox.
  6. Select Register Domain.
  7. From the left-hand sidenav, navigate to Settings > Security > Certificate and Key Management.​
  8. Select Create Self-Signed Certificate.
  9. Enter the following Label: JumpCloud SAML.
  10. Enter the following Unique Name: JumpCloud SAML (Salesforce may automatically insert an underscore to fill spaces).
  11. Select Save.
  12. Select Download Certificate.
  13. From the left-hand sidenav, navigate to Settings > Identity > Single Sign-On Settings.​
  14. Select Edit.
  15. Select the SAML Enabled checkbox.
  16. Select Save.
  17. Select New.
  18. Enter the following Name: JumpCloud.
  19. Enter the following API Name: JumpCloud.
  20. Enter the following Issuer: JumpCloud.
  21. Enter the following Entity Id: https://YOUR_DOMAIN.TLD.
  22. Select Choose File next to Identity Provider Certificate and upload your public certificate; the cert.pem file generated according to the above prerequisites.
  23. In the dropdown menu for Signing Certificate, select JumpCloud SAML.
  24. Enter the following Identity Provider Login URL: https://sso.jumpcloud.com/saml2/salesforce (this is the default IdP URL, but if you plan to change this value in JumpCloud in step 10 below then enter your chosen value).
  25. Select Save.
  26. Once saved, on this screen, copy the Salesforce Login URL for later use. It will be in the form of https://<YOUR_DOMAIN>.my.salesforce.com?so=<SOME_SPECIFIC_STRING>.
  27. From the left-hand sidenav, navigate to Settings > Company Settings > My Domain.​
  28. Select Select here to login.
  29. Select Deploy to Users.
  30. Select Edit on Login Page Settings.
  31. Select the checkbox for JumpCloud.
  32. Deselect the checkbox for Login Page.
  33. Select Save.

Configure the JumpCloud SSO Application

  1. Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
  2. Select Applications in the main navigation panel.
  3. Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, the select 'configure'.
  4. You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
  5. Enter the following IdP Entity ID: JumpCloud.
  6. Enter the following SP Entity ID: https://YOUR_DOMAIN.TLD (make sure this matches the value you entered in Salesforce).
  7. Select Upload SP Certificate and upload the JumpCloud_SAML.crt file.
  8. In the ACS URL field, enter the URL you copied from Salesforce.
  9. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector. This must match the value entered in Salesforce.
  10. (Optional) In the Display Label field, enter a label that will appear beside the Salesforce logo within the JumpCloud console to guide administrators and users to the connection you have configured.
  11. Select Activate.

Validate SSO authentication workflows

IdP Initiated

  • Log into the JumpCloud User Console
  • Select on the Salesforce icon
  • You should automatically be logged in to Salesforce

SP Initiated

  • In your Web browser, navigate to your Salesforce instance (EX: https://YOUR_DOMAIN.salesforce.com/)
  • If necessary, log into the JumpCloud User Console as the appropriate user
  • You should automatically be logged in to Salesforce

Last Updated: Aug 19, 2019 12:18PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found