CloudGuard Dome9 Help

Configure Dome9 SSO with JumpCloud



Based on JumpCloud documentation

Single Sign On (SSO) with JumpCloud

PREREQUISITES: In order to successfully complete the integration between JumpCloud and Dome9, you must use an owner account in Dome9.

CONFIGURATION NOTES:

Note 1: Dome9 does not support automatic new user provisioning via SSO. Prior to attempting SSO, all users must have a Dome9 account that uses the same email as their JumpCloud account.

Note 2: To prevent account lockout, Dome9 does not allow the account owner to use single sign on.

Note 3: We assume the JumpCloud administrator performing the integration understands how to generate a private key and a matching public certificate. As an example, the commands below generate a private key and a self-signed certificate on Linux. Refer to other guidance for generating keys on other operating systems.

  • Create a private key: openssl genrsa -out private.pem 2048

  • Create a public certificate for that private key: openssl req -new -x509 -key private.pem -out cert.pem -days 1095

To restrict access to a smaller group of users:

  1. Note the IdP URL name for this app in the Application details, e.g. https://sso.jumpcloud.com/saml2/ConnectorName

  2. Create a new Tag and name it SSO-ConnectorName. Important: This tag is case sensitive.

  3. Add users to this Tag who should be given access to Dome9 via Single Sign-On. Any other users who are not in this tag will be denied access.

IMPORTANT: If the Tag does not exist, all users in your organization will be authorized to access Dome9.
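
Added example (not from the Dome9 or JumpCloud documentation): a Python check that derives the expected tag name from the IdP URL and reports whether access is actually restricted, or open to all users because the tag is missing or differs in case. The tag list is constructed sample data, and the function names are hypothetical; how the tag list is exported from JumpCloud is not covered here.

```python
from urllib.parse import urlparse

TAG_PREFIX = "SSO-"  # naming convention from step 2; the match is case sensitive


def expected_tag(idp_url):
    """Derive the tag name from the last path segment of the IdP URL (step 1)."""
    parsed = urlparse(idp_url)
    segments = [s for s in parsed.path.split("/") if s]
    if parsed.scheme != "https" or not segments:
        raise ValueError(f"not a usable IdP URL: {idp_url!r}")
    return TAG_PREFIX + segments[-1]


def audit_restriction(idp_url, tags):
    """Report whether access is restricted, given tag name -> member emails."""
    want = expected_tag(idp_url)
    if want in tags:
        return {"status": "restricted", "tag": want,
                "members": sorted(tags[want]), "near_misses": []}
    # No exact match: per the IMPORTANT note, every user is authorized.
    # Tags differing only by case or stray whitespace are likely typos.
    near = sorted(t for t in tags if t.strip().casefold() == want.casefold())
    return {"status": "open-to-all", "tag": want,
            "members": [], "near_misses": near}


# Constructed sample data: tag names and members are made up for illustration.
IDP_URL = "https://sso.jumpcloud.com/saml2/ConnectorName"
SAMPLE_TAGS = {
    "sso-connectorname": ["alice@example.com", "bob@example.com"],
    "Engineering": ["carol@example.com"],
}

if __name__ == "__main__":
    result = audit_restriction(IDP_URL, SAMPLE_TAGS)
    print(f"expected tag : {result['tag']}")
    print(f"status       : {result['status']}")
    if result["near_misses"]:
        print(f"near misses  : {', '.join(result['near_misses'])}")
    for member in result["members"]:
        print(f"allowed      : {member}")
```

With the sample data the status is open-to-all, because the only candidate tag is lowercase and therefore does not match SSO-ConnectorName.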

Test the SSO configuration