This example describes how to integrate JumpCloud as an identity provider (IdP) with an Oxide silo using SAML. It assumes you have JumpCloud administrator access and access to the Oxide Console with fleet admin permissions.
Create SAML Application in JumpCloud
Log in to the JumpCloud Admin Console.
Go to SSO Applications and create a new Custom SAML application.
Set the following fields:
Check Declare Redirect Endpoint (a JumpCloud requirement).
Under Attributes, add:
Service Provider Attribute Name:
groupJumpCloud Attribute Name:
group
Under Sign, check:
Assertion and Response
Save and copy:
Metadata URL (JumpCloud SAML metadata)
IdP Entity ID (JumpCloud Entity ID)
Configure Users and Groups in JumpCloud
Assign users to the JumpCloud app and set their Custom Attributes:
Navigate to Users.
Edit user details and set the custom attribute
grouptoadmin(or other group names you intend to use in Oxide).Confirm that user groups match what’s expected in the Oxide Silo setup.
Configure Oxide Silo and Identity Provider
Create Silo in Oxide
In the Oxide Console:
Go to System > Silos and create a new silo.
Silo Name: Should match the name you used in JumpCloud.
Admin Group Name: Must match the
groupattribute in JumpCloud (e.g.,admin).Upload a TLS certificate valid for the silo domain.
Create Identity Provider in Oxide
In the silo’s Identity Provider tab, click New Provider.
| Field | JumpCloud Value |
|---|---|
Provider Name |
|
Service provider client ID | The ACS URL (JumpCloud requires the full URL here) |
Entity ID | The IdP Entity ID copied from JumpCloud |
ACS URL | Auto-generated by Oxide
|
Group attribute name |
|
Metadata source | Use the JumpCloud Metadata URL |
Cert/Key files | If request signing is used, supply these in DER format |
Log in to Oxide
Once configuration is complete, log in to the Oxide Silo via the JumpCloud SSO method.
Oxide automatically creates groups and assigns users to them based on the group attribute sent
by JumpCloud in the SAML assertion.