Safeguard.sh Documentation Center
SSO AuthenticationSAML 2.0

JumpCloud

Configure JumpCloud as a SAML 2.0 identity provider for Safeguard.

JumpCloud

  1. In the JumpCloud Admin Console, go to SSO Applications → + Add New Application → Custom SAML App.
  2. Set SP Entity ID to the SP Entity ID Safeguard shows after Save, and ACS URL to the ACS URL Safeguard shows after Save.
  3. Set the SAML Subject NameID to email with format EmailAddress.
  4. Under SAML Attributes, also add a constant attribute named email mapped to the user's email — separate from the Subject NameID above.
  5. Save, then reopen the app and copy the IdP URL and IdP Entity ID, and download the Certificate from the Export Metadata tab.
  6. In Safeguard, click Add Provider → SAML 2.0 → JumpCloud, and enter those three values.
  7. Assign User Groups to the application under the app's User Groups tab.
  8. Click Test in Safeguard to confirm.

Common errors: users see "Access Denied" at JumpCloud — they exist in JumpCloud but haven't been added to a User Group bound to this SSO app.

On this page