Single Sign-On (SSO) is an authentication method that allows users to log in once and gain access to multiple applications without having to log in separately to each one.
JumpCloud offers a cloud-based directory platform that enables secure and centralized identity and access management. It supports both SAML 2.0 and OpenID Connect (OIDC) protocols for implementing Single Sign-On (SSO) to various applications.
Security Assertion Markup Language (SAML) 2.0 is an XML-based open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). It allows users to log in once and gain access to multiple applications without needing to authenticate again. Commonly used in enterprise environments, SAML 2.0 is ideal for web-based applications and services that require a high level of security and identity federation. It enables Single Sign-On (SSO) by transmitting user identity information in a digitally signed XML format called an assertion.
OpenID Connect (OIDC) is a modern identity protocol built on top of the OAuth 2.0 framework. Unlike SAML, which uses XML, OIDC uses JSON and RESTful APIs to facilitate authentication flows between an identity provider and a client application. OIDC allows applications to verify a user’s identity and retrieve basic profile information using secure tokens, such as the ID Token, typically formatted as a JSON Web Token (JWT). It is widely adopted in modern web and mobile applications due to its simplicity, scalability, and support for native apps, SPAs (Single Page Applications), and APIs.
JumpCloud’s SSO features provide:
Centralized identity management
Reduced password fatigue
Enhanced security (with MFA support)
Easier onboarding/offboarding
Audit logging & access control
After you configure both the IdP and the SP for SSO, employees can access the applications in two ways:
IdP-Initiated – Access from the JumpCloud User Portal.
SP-Initiated – Access directly from the application.
Session timeout in JumpCloud is independent of SSO service providers. In situations where users of SSO applications experience a User Portal timeout (depending on session timeout settings), keep in mind:
The JumpCloud User Portal Session Duration, configured under Settings in the Admin Portal, is completely independent of the service provider.
Some connectors will support passing along a Constant Attribute to dictate the duration of a user session before expiry. An example of this is Amazon AWS’s “SessionDuration.”
A few connectors support SLO (Single Logout). This is not related to session timeouts; SLO is a configuration that will push the user to the JumpCloud User Portal when logging out of the service provider application.
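The "SessionDuration" attribute mentioned above travels in the SAML assertion's AttributeStatement. The following Python is an added example, not JumpCloud's or AWS's code: it reads a constructed, already-decoded assertion and checks the asserted value. The attribute URI and the 900 to 43200 second range are AWS's documented values and are assumptions not stated on this page.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: AWS's documented attribute name and accepted range (seconds).
AWS_SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/SessionDuration"
AWS_MIN, AWS_MAX = 900, 43200

# Constructed sample: a decoded assertion as it might appear in a browser SAML trace.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/SessionDuration">
      <saml:AttributeValue>3600</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from the assertion's AttributeStatement.

    Inspection only: this does not verify the assertion's signature, and
    untrusted XML should be parsed with a hardened parser such as defusedxml.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_session_duration(xml_text):
    """Return (seconds or None, finding) for the asserted AWS session duration."""
    values = assertion_attributes(xml_text).get(AWS_SESSION_ATTR, [])
    if not values:
        return None, "not asserted: the service provider's default lifetime applies"
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        return None, "malformed: expected a single integer number of seconds"
    seconds = int(values[0])
    if not AWS_MIN <= seconds <= AWS_MAX:
        return seconds, f"out of range: AWS accepts {AWS_MIN}-{AWS_MAX} seconds"
    return seconds, "ok"

if __name__ == "__main__":
    print(check_session_duration(SAMPLE_ASSERTION))
```

The value checked here governs only the service provider session; the JumpCloud User Portal session still expires according to its own setting.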
For more information, please refer to the following pages: