Single Sign On (SSO) with Mingle by ThoughtWorks

Important: This article contains out-of-date information. For current application information, see Connecting Applications with JumpCloud Using Pre-Built Connectors.


PREREQUISITES: To complete the integration between JumpCloud and Mingle by ThoughtWorks, you must use an administrator account in Mingle.


CONFIGURATION NOTES:

Note 1: Users who do not have a Mingle account prior to attempting SSO for the first time will be provisioned a new, ‘full user’ account at the time of sign in.

Note 2: Once the administrator has saved the SSO configuration in Mingle, users (including the administrator) will only be able to sign in via SSO. To prevent account lockout during testing, we recommend that the configuring administrator sign in to Mingle in a browser separate from the one in which he or she will complete testing. If the SSO configuration fails, the administrator will still have access to the account in the other browser and can modify/disable the configuration.

Note 3: We assume the JumpCloud administrator performing the integration understands how to generate private keys and public certificates. See below for an example of generating a private key and a self-signed public certificate on Linux. Please refer to other guidance for generating keys on other operating systems.


Create a private key: 

  • openssl genrsa -out private.pem 2048

Create a public certificate for that private key:

  • openssl req -new -x509 -key private.pem -out cert.pem -days 1095
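A way to run the two commands above non-interactively and check the result before uploading it in Step 1 (added example, not part of the original JumpCloud article; the function names and the CN placeholder are assumptions):

```shell
#!/usr/bin/env bash
# Added example, not JumpCloud code. File names private.pem / cert.pem follow
# the article; function names and the CN placeholder are assumptions.

# gen_saml_keypair DIR [DAYS]: the article's two openssl commands, non-interactive.
gen_saml_keypair() {
    # umask 077 in a subshell so the private key is created owner-only
    ( umask 077 && openssl genrsa -out "$1/private.pem" 2048 2>/dev/null ) || return 1
    # -subj skips the interactive subject prompts; replace the placeholder CN
    openssl req -new -x509 -key "$1/private.pem" -out "$1/cert.pem" \
        -days "${2:-1095}" -subj "/CN=YOUR_DOMAIN.com"
}

# keypair_matches KEY CERT: succeed only if CERT carries KEY's public key.
keypair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_valid_for_days CERT DAYS: succeed if CERT is still valid DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# preflight KEY CERT [DAYS]: run both checks before uploading to the connector.
preflight() {
    keypair_matches "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    cert_valid_for_days "$2" "${3:-30}" || { echo "certificate expires within ${3:-30} days" >&2; return 1; }
    echo "ok: $2 matches $1 and is valid for at least ${3:-30} more days"
}

# Usage: gen_saml_keypair . 1095 && preflight private.pem cert.pem
```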


Step 1 of 2: Configure JumpCloud SSO for Mingle

  1. Log into the JumpCloud Admin UI at https://console.jumpcloud.com
  2. Click on the Applications link in the sidenav
  3. Click on the green + icon in the upper left corner and find Mingle in the list
  4. Click configure
  5. You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
  6. In the IdP Entity ID field, enter https://YOUR_DOMAIN.com (replace YOUR_DOMAIN with your company’s unique domain)
  7. Click Upload Private Key and upload your private key (see Note 3 above)
  8. Click Upload IdP Certificate and upload your public certificate (see Note 3 above)
  9. In the ACS URL field, enter https://profile.thoughtworks.com/saml/consume?RelayState=COMPANY_NAME (replace COMPANY_NAME with the company name associated with your Mingle account; for example, if your Mingle instance is located at https://jumpcloud.mingle.thoughtworks.com, replace COMPANY_NAME with jumpcloud)
  10. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector. The value you enter here is relevant to restricting access to this application within JumpCloud (see Note on Tagging below).
  11. (Optional) In the Display Label field, enter a label that will appear beside the Mingle logo within the JumpCloud console to guide administrators and users to the connection you have configured
  12. Click Activate
  13. Click export metadata for Mingle on the right-hand side of the page

Step 2 of 2: Configure Mingle for JumpCloud SSO

  1. Log in to Mingle as an administrator
  2. Click Admin and select SSO Config from the drop-down menu
  3. Under SAML metadata, click Edit
  4. Click Choose File and upload the metadata file you downloaded from JumpCloud
  5. Click Save Changes

To test your single sign-on configuration:

(IdP-Initiated Flow)

  • Log into the JumpCloud User Console
  • Click on the Mingle icon
  • You should automatically be logged in to Mingle

(SP-Initiated Flow)

  • In your Web browser, navigate to your Mingle instance (ex: https://SUBDOMAIN.mingle.thoughtworks.com)
  • If necessary, log into the JumpCloud User Console as the appropriate user
  • You should automatically be logged in to Mingle

Note on Tagging: To restrict access to a smaller group of users:

The value terminating the IdP URL (which the administrator sets during configuration) will also serve as part of the Tag name for this SSO connection. To restrict access, create a new Tag and name it SSO- followed by the value chosen to terminate the IdP URL.

EX: If the entire IdP URL is https://sso.jumpcloud.com/saml2/ServiceProvider1234, then create a Tag named SSO-ServiceProvider1234 to restrict access to this connection.

Add users to this Tag who should be given access to Mingle (through this configuration only) via SSO. Any other users who are not in this Tag will be denied access. If a Tag to explicitly grant access does not exist, all users in your organization will be authorized to access Mingle through this connection.

Last Updated: Aug 20, 2019 09:35AM MDT
