SSO AuthenticationSAML 2.0
JumpCloud
Configure JumpCloud as a SAML 2.0 identity provider for Safeguard.
JumpCloud
- In the JumpCloud Admin Console, go to SSO Applications → + Add New Application → Custom SAML App.
- Set SP Entity ID to the SP Entity ID Safeguard shows after Save, and ACS URL to the ACS URL Safeguard shows after Save.
- Set the SAML Subject NameID to
emailwith format EmailAddress. - Under SAML Attributes, also add a constant attribute named
emailmapped to the user's email — separate from the Subject NameID above. - Save, then reopen the app and copy the IdP URL and IdP Entity ID, and download the Certificate from the Export Metadata tab.
- In Safeguard, click Add Provider → SAML 2.0 → JumpCloud, and enter those three values.
- Assign User Groups to the application under the app's User Groups tab.
- Click Test in Safeguard to confirm.
Common errors: users see "Access Denied" at JumpCloud — they exist in JumpCloud but haven't been added to a User Group bound to this SSO app.