JumpCloud

Step 1 - Configure your JumpCloud Management Portal

  1. Log in to JumpCloud Management Portal.

  2. From the main navigation panel, click User Authentication and select SSO.

  3. Click Add New Application.

  4. Search for Harmony SASE application and click Configure.

  5. In the General Info tab, enter a name for the application in the Display Label field.

  6. Go to the SSO tab and enter these values in the Single Sign-On configuration section:

    • IDP Entity ID: https://{{WORKSPACE}}.perimeter81.com/

    • SP Entity ID: urn:auth0:perimeter81:{{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • ACS URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • IDP URL: https://sso.jumpcloud.com/saml2/{{required text}}

      For example, https://sso.jumpcloud.com/saml2/perimeter81.

    • Do not change the default values in the other fields.

  7. Go to the User Groups tab and verify that the required groups have the permissions.

  8. Click Activate.

  9. Click the newly created application.

  10. Click the IDP Certificate Valid drop-down and select Download certificate.

Step 2 - Configure the Harmony SASE Administrator Portal

  1. Log in to the Harmony SASE Administrator Portal with a administrator account.

  2. Go to Settings > Identity Providers.

  3. Click Add Provider.

    The Add identity provider pop-up appears.

  4. Select SAML 2.0 Identity Providers and click Continue.

  5. In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.

    Identity Provider

    Sign in URL

    Generic SAML

    Identity Provider Sign in URL

    Active Directory Federation Services (AD FS)

    https://{{Your ADFS Domain}}/adfs/ls

    Auth0

    Auth0 login URL

    OneLogin

    SAML 2.0 Endpoint (HTTP) value

    PingOne

    https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}}

    PingFederate

    https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2

    Rippling

    Rippling IdP Sign-in URL.

    JumpCloud

    JumpCloud IDP URL

    Okta

    Okta Sign on URL

    Google Applications

    SSO URL

  6. In the Domain Aliases field, enter the business domain names separated by commas or space.

  7. In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.

    If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.

  8. Click Done.

Note - After the first successful authentication of a member with SAML, Harmony SASE does this:

  • Assigns the member with the appropriate role.

  • Adds the member to the groups related to Identity Provider.

  • Applies the relevant configuration profiles to the member.