# JumpCloud

{% hint style="info" %}
Enabling SSO will affect all users of your organization, users would not be able to sign in to Currents using a different authorization method when SSO is enabled.
{% endhint %}

### Supported Features

* SP-initiated SSO (Single Sign-On)
* Just-In-Time provisioning
* [jumpcloud-user-provisioning](https://docs.currents.dev/administration/sso-saml2.0/jumpcloud/jumpcloud-user-provisioning "mention")

### Setup Steps

{% stepper %}
{% step %}
Create a new SSO Application: **User Authentication > SSO Applications > + Add New Application.**

Type **Currents** and then click **Create a Custom Integration > Next**

<figure><img src="https://3745692499-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqmFDEiUa9mr11LUlxDnt%2Fuploads%2FdjNweqS2qxeKrigIDW8u%2Fcurrents-2025-04-21-11.37.28%402x.png?alt=media&#x26;token=2d736b43-9229-47d0-8c06-43fec9ff045a" alt=""><figcaption><p>Creating Custom SSO Integration</p></figcaption></figure>
{% endstep %}

{% step %}
Choose Integration Options

* ✅ Select **Manage SSO** + **Configure SSO with SAML**
* ✅ **Export user to this app**
* Click **Next**, set **Integration Name,** then click **Create Application**

<figure><img src="https://3745692499-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqmFDEiUa9mr11LUlxDnt%2Fuploads%2FNcqgsBv3WhgCAdVPblr0%2Fcurrents-2025-04-21-11.39.57%402x.png?alt=media&#x26;token=611f785d-c124-4743-a859-448b18c0b83c" alt=""><figcaption><p>Creating Custom JumpCloud SSO Integration</p></figcaption></figure>
{% endstep %}

{% step %}
Configure SSO Settings

* Fill in the fields according the values defined in [saml2.0-configuration](https://docs.currents.dev/administration/sso-saml2.0/saml2.0-configuration "mention")
  * SP Entity ID
  * ACS URL
  * SAMLSubject NameID
  * SAMLSubject NameID Format
  * Signature Algorithm: RSA-SHA256
  * Login URL: you will be able to define the login URL after Currents support team activated the integration. See [idp-initiated-sessions](https://docs.currents.dev/administration/sso-saml2.0/idp-initiated-sessions "mention").
  * Attributes: `email` and `fullname`
* Click **Export Metadata,** ensure **t**he generated metadata XML has `HTTP-POST` and `HTTP-Redirect` bindings, for example:

  ```
  <md:SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sso.jumpcloud.com/saml2/currents"
  />
  <md:SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://sso.jumpcloud.com/saml2/currents"
  />
  ```

{% endstep %}

{% step %}

#### Done

* Share the Metadata XML file together with other details appearing in [saml2.0-configuration](https://docs.currents.dev/administration/sso-saml2.0/saml2.0-configuration "mention") with Currents support team to active the SSO.
* Assign users or groups to the newly created SSO application
* Set Login URL after Currents support team activated the integration. See [idp-initiated-sessions](https://docs.currents.dev/administration/sso-saml2.0/idp-initiated-sessions "mention").
  {% endstep %}
  {% endstepper %}