SSO Configuration: JumpCloud

Integrating your company's Single Sign-On (SSO) solution with the World Manager platform offers a convenient and secure way for all employees to access the platform. By integrating with the popular identity provider (IdP) JumpCloud for SSO, you can enable employees to authenticate into your World Manager platform using their existing company credentials. Follow these instructions to configure the integration with JumpCloud.

Prerequisites

  • Admin access to JumpCloud

JumpCloud Configuration

Add an Application

1. Log into JumpCloud: https://console.jumpcloud.com

2. Go to USER AUTHENTICATION → SSO

3. Click on the “+ Add New Application” button

Note: If you do not have any existing SSO applications in JumpCloud, then you will see a "Get Started" button instead.

4. In the (search) text field, enter SAML

5. Click on the “Configure” button next to the “Custom SAML App” result that appears (to add)

General Info

1. Enter a (unique) name for the app + enable the “Show this application in User Portal” option, then click on the “activate” button

Tip: For the purposes of this article, we have used ‘WM Platform SSO’ as the name. However, we recommend using a name that is unique/specific to your World Manager platform.

SSO

1. Click on the ‘SSO’ tab

2. Under the ‘Service Provider Metadata’ section, complete the following details (below):

  • IdP Entity ID
    • In the text field, enter: https://<YourPlatformUrl>/login/saml/metadata/onelogin
  • SP Entity ID
    • In the text field, enter: https://<YourPlatformUrl>/login/saml/metadata/onelogin
  • ACS (Consumer) URL Validator
    • In the text field, enter: https://<YourPlatformUrl>/login/saml/onelogin
  • ACS URLs
    • In the text field, enter: https://<YourPlatformUrl>/login/saml/onelogin

Important: The ‘ACS (Consumer) URL’ field requires a REGEX version of the ‘ACS (Consumer) URL Validator’ value.

  • SAMLSubject NameID:
    • In the drop-down field, select the “Email” option
  • SAMLSubject NameID Format
    • In the drop-down field, select the “urn:oasis:names:tc:SAML:2.0:nameid-format:persistent” option

3. Under the ‘Attributes’ section, action the following (below) to create attributes (aka fields):

  • Email
    • Click on the “add attribute” button
    • In the ‘Field name’ field, enter email
    • In the ‘Value’ drop-down, select the email option

Important: You can only use a valid email address as the identifier value.

  • First Name
    • Click on the “add attribute” button
    • In the ‘Service Provider Attribute Name’ field, enter firstName
    • In the ‘JumpCloud Attribute Name’ drop-down, select the firstname option
  • Last Name
    • Click on the “add attribute” button
    • In the ‘Service Provider Attribute Name’ field, enter lastName
    • In the ‘JumpCloud Attribute Name’ drop-down, select the lastname option
  • Group UUIDs
    • Click on the “add attribute” button
    • In the ‘Service Provider Attribute Name’ field, enter groupUuids
    • In the ‘JumpCloud Attribute Name’ drop-down, select the Custom User or Group Attribute option
    • In the ‘JumpCloud Attribute Name’ field, enter groupUuids
  • Country UUIDs
    • Click on the “add attribute” button
    • In the ‘Service Provider Attribute Name’ field, enter countryUuids
    • In the ‘JumpCloud Attribute Name’ drop-down, select the Custom User or Group Attribute option
    • In the ‘JumpCloud Attribute Name’ field, enter countryUuids
  • Area UUIDs
    • Click on the “add attribute” button
    • In the ‘Service Provider Attribute Name’ field, enter areaUuids
    • In the ‘JumpCloud Attribute Name’ drop-down, select the Custom User or Group Attribute option
    • In the ‘JumpCloud Attribute Name’ field, enter areaUuids
  • Store UUIDs
    • Click on the “add attribute” button
    • In the ‘Service Provider Attribute Name’ field, enter storeUuids
    • In the ‘JumpCloud Attribute Name’ drop-down, select the Custom User or Group Attribute option
    • In the ‘JumpCloud Attribute Name’ field, enter storeUuids

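Once finished, the ‘Attributes’ section should list all seven attributes described above: email, firstName, lastName, groupUuids, countryUuids, areaUuids and storeUuids.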

Important: To ensure correct functionality, all attribute names must be entered exactly as specified.

4. Click on the “activate” button

5. In the confirmation prompt that appears, click on the “continue” button
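For the regex form of the ACS URL noted in step 2, the following added example (not World Manager or JumpCloud code) builds an anchored, escaped pattern from the URL and checks a candidate pattern against look-alike URLs that must be rejected. It assumes the field accepts common regex syntax; the host name is a constructed placeholder and the function names are hypothetical.

```python
import re

def strict_acs_pattern(acs_url: str) -> str:
    """Anchored regex that matches the given ACS URL and nothing else."""
    return "^" + re.escape(acs_url) + "$"

def near_misses(acs_url: str) -> list[str]:
    """URLs that resemble the ACS URL but must not pass validation."""
    scheme, rest = acs_url.split("://", 1)
    return [
        f"{scheme}://{rest.replace('.', 'x', 1)}",  # literal dot in the host replaced
        acs_url + "/extra",                          # trailing path added
        "https://other.example/?next=" + acs_url,    # ACS URL embedded in another URL
        "http://" + rest,                            # scheme downgraded
    ]

def wrongly_accepted(pattern: str, acs_url: str) -> list[str]:
    """Near-miss URLs the pattern accepts, using search semantics (the worst case)."""
    rx = re.compile(pattern)
    if not rx.search(acs_url):
        raise ValueError("pattern does not match the intended ACS URL")
    return [u for u in near_misses(acs_url) if rx.search(u)]

if __name__ == "__main__":
    # Constructed sample; substitute your own platform URL.
    acs = "https://platform.example.com/login/saml/onelogin"
    print("raw URL used as a pattern:", wrongly_accepted(acs, acs))
    print("anchored and escaped     :", wrongly_accepted(strict_acs_pattern(acs), acs))
```

Pasting the raw URL as the pattern leaves the dots as wildcards and the ends unanchored; the anchored, escaped form accepts only the exact URL.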

Get IDP Details

1. Go to USER AUTHENTICATION → SSO

2. Click on the name of the app you created (to open)

3. Click on the ‘SSO’ tab

4. Under the ‘Enable SAML2.0’ section, action the following (below):

  • Copy the ‘Issuer URL’ value
  • Copy the ‘SAML 2.0 Endpoint (HTTP)’ value
  • Under the ‘X.509 Certificate’ field, click on the “View Details” link

Important: Keep this information handy, as it will be required in later steps.

Assign UUID Values

1. Go to USER MANAGEMENT → Users

2. Find + open the properties of a user you wish to configure UUID data for

3. Click on the ‘Details’ tab, then click on the ‘Custom Attributes’ section (to expand)

4. Under the ‘Custom Attributes’ section, action the following (below):

  • Group UUIDs
    • Click on the “add new custom attribute” button
    • In the first text field, enter groupUuids
    • In the second text field, enter a valid Group UUID value

Tip: Currently, it is not possible to obtain Group UUID data from within the platform. Please either contact our Support Team, or use our SOAP API.

  • Country UUIDs
    • Click on the “add new custom attribute” button
    • In the first text field, enter countryUuids
    • In the second text field, enter a valid Country UUID value (or values)
  • Area UUIDs
    • Click on the “add new custom attribute” button
    • In the first text field, enter areaUuids
    • In the second text field, enter a valid Area UUID value (or values)
  • Store UUIDs
    • Click on the “add new custom attribute” button
    • In the first text field, enter storeUuids
    • In the second text field, enter a valid Store UUID value (or values)

Note: In order to assign multiple UUIDs, separate the values with a semicolon (;), e.g. value1;value2.

Important: Not all attributes can be assigned multiple UUID values, as it is dependent on the role the user's account group belongs to. See table below that outlines the data allowed per role:

| Role(s) | Group UUIDs | Country UUIDs | Area UUIDs | Store UUIDs |
|---|---|---|---|---|
| World Manager | 1x | | | |
| National Manager (multi-country) | 1x | Multiple | | |
| Area Manager (multi-area) | 1x | | Multiple | |
| General Manager, Store Manager, Employee (multi-store) | 1x | | | Multiple |

5. Click on the “save user” button

6. Repeat steps 2 through 5 to assign UUID values for all applicable accounts
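A pre-flight check for the custom attributes entered above, as an added example (not World Manager or JumpCloud code): it applies the allowed-data table, the semicolon rule and the exact attribute names to one user's values. Treating a blank table cell as "not allowed" is an assumption, the UUID format is not checked because this article does not define it, and the sample values are constructed placeholders.

```python
# Allowed UUID data per role, transcribed from the table above.
# "one" = a single value, "many" = one or more values separated by ';'.
# Assumption: a blank cell in the table means the attribute is not allowed.
STORE_LEVEL = {"groupUuids": "one", "storeUuids": "many"}
ALLOWED = {
    "World Manager": {"groupUuids": "one"},
    "National Manager": {"groupUuids": "one", "countryUuids": "many"},
    "Area Manager": {"groupUuids": "one", "areaUuids": "many"},
    "General Manager": STORE_LEVEL,
    "Store Manager": STORE_LEVEL,
    "Employee": STORE_LEVEL,
}
NAMES = ("groupUuids", "countryUuids", "areaUuids", "storeUuids")

def check_user(role, attributes):
    """Return a list of problems for one user's custom attributes (empty = OK)."""
    if role not in ALLOWED:
        return [f"unknown role {role!r}"]
    problems = []
    for name, raw in attributes.items():
        if name not in NAMES:
            # Attribute names must match exactly, including case.
            hint = [n for n in NAMES if n.lower() == name.lower()]
            suffix = f", expected {hint[0]}" if hint else ""
            problems.append(f"{name}: unexpected name{suffix}")
            continue
        rule = ALLOWED[role].get(name)
        if rule is None:
            problems.append(f"{name}: not allowed for {role}")
            continue
        values = [v.strip() for v in raw.split(";")]
        if "" in values:
            problems.append(f"{name}: empty value (blank field or stray ';')")
        if len(set(values)) < len(values):
            problems.append(f"{name}: duplicate value")
        if rule == "one" and len(values) > 1:
            problems.append(f"{name}: {role} takes exactly one value")
    return problems

if __name__ == "__main__":
    # Constructed sample users; the UUID strings are placeholders.
    users = [
        ("Store Manager", {"groupUuids": "g-1", "storeUuids": "s-1;s-2"}),
        ("Area Manager", {"groupUuids": "g-1;g-2", "areaUuids": "a-1"}),
        ("World Manager", {"groupUuids": "g-1", "storeuuids": "s-1"}),
    ]
    for role, attrs in users:
        print(role, "->", check_user(role, attrs) or "OK")
```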

UUID Data Requirement

To successfully authenticate a user via SSO, there is a bare minimum requirement of UUID data that needs to be provided, which is dependent on the role the user's account group belongs to. See table below that outlines the data required per role:

Role(s) Group UUID Country UUID Area UUID Store UUID
World Manager      
National Manager    
Area Manager    
General Manager, Store Manager, Employee    

To elaborate on the above, if you were creating a ‘Store Manager’ account, you would only need to provide valid ‘Group UUID’ and ‘Store UUID’ values. The ‘Country UUID’ and ‘Area UUID’ values are not required.

World Manager Configuration

Contact Support

All SSO-related configuration on the World Manager end is handled by the Support Team and is not visible within the platform. So, whenever you are ready to enable this authentication method, please send an email to wmsupport@franconnect.com with the following details:

  • ‘IDP URL’ value
  • ‘SAML 2.0 Endpoint (HTTP)’ value
  • IDP Certificate file

Note: These values are from the 'SSO' section that you were previously instructed to download/copy.
