Articles on: Workspace Configuration

SAML SSO JumpCloud

πŸ”‘ SAML SSO JumpCloud

"Enable secure single sign-on with JumpCloud and Brainframe GRC."
Follow these steps to configure SAML authentication between your JumpCloud tenant and Brainframe GRC.



1️⃣ Create the Application


  1. Go to the JumpCloud admin console β†’ User Authentication β†’ SSO Applications and click Add New Application.






  1. Click "Select" on Custom Application, and click Next on the following screen


  1. Select Manage Single Sign-On (SSO) and Configure SSO with SAML



  1. Enter the application name "Brainframe GRC", and enter a description for the users. Upload a logo or keep a color (keep all other settings default), then click on Save application and on the next screen click Configure Application






2️⃣ Configure the JumpCloud SAML Settings


  1. Go into Brainframe Workspace Settings > Authentication, and enable the In the SSO login to receive the different SAML settings![](https://storage.crisp.chat/users/helpdesk/website/-/3/f/2/6/3f26ce462760bc00/image_oppdis.png)


  1. Inside the newly created JumpCloud SSO Application, select the SSO tab, and copy the "SP Entity ID" and "Default ACL URL" from the Brainframe setting![](https://storage.crisp.chat/users/helpdesk/website/-/3/f/2/6/3f26ce462760bc00/image_rikso5.png)
  2. Make sure to configure "Assertion" as sign method![](https://storage.crisp.chat/users/helpdesk/website/-/3/f/2/6/3f26ce462760bc00/image_v9z0mw.png)
  3. Now configure in Jumpcloud the firstname and lastname User attributes, as well as the Constant attribute "WorkspaceId" (note that this is case sensitive). You find the valid Workspace ID inside Brainframe![](https://storage.crisp.chat/users/helpdesk/website/-/3/f/2/6/3f26ce462760bc00/image_gk6izi.png)
  4. On JumpCloud, click SAVE to finalize the SSO settings.






3️⃣ Brainframe Configuration


Once JumpCloud is ready, we'll finalize the Brainframe GRC side in Workspace Settings β†’ Authentication.



  1. Copy the "IdP URL" from JumpCloud to the Brainframe SSO "IdP Single sign on (SSO) Login URL"![](https://storage.crisp.chat/users/helpdesk/website/-/3/f/2/6/3f26ce462760bc00/image_7pq4tm.png)![](https://storage.crisp.chat/users/helpdesk/website/-/3/f/2/6/3f26ce462760bc00/image_xrtjrw.png)
  2. Download the Certificate of the application (Open the certificate and copy everything WITHOUT the BEGIN/END CERTIFICATE lines) β†’ Paste into IdP application certificate in Brainframe. [](https://storage.crisp.chat/users/helpdesk/website/-/3/f/2/6/3f26ce462760bc00/image_1azgin6.png)
  3. Now click SAVE inside Brainframe to store and enable SSO for this workspace.


When a user enters their email during login, they will now see the SSO login button for your workspace. You can optionally check that users are automatically redirected to the IdP SSO page after the email was entered (only works if this email is linked to a single workspace with SSO enabled)


4️⃣ Assign groups & test


  1. Check the groups that should get access in the JumpCloud application and click SAVE.


  1. Now you can test the application via JumpCloud SSO page




5️⃣ Common Errors & Fixes


❌ Failed to read asymmetric key: you should update the β€œIdP application certificate β€œin Brainframe GRC settings with the IdP BASE64 certificate (without the BEGIN/END Certificate line)



❌ Attributes mismatch β†’ All attributes are case sensitive (e.g WorkspaceId must be exact).


Updated on: 05/09/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!