JumpCloud Integration
Enable your JumpCloud users to sign in to your Shopify store using their corporate credentials with SAML 2.0 authentication.
Prerequisites
- JumpCloud admin access
- SecurePie Professional or Enterprise plan
- Your SecurePie Organization ID
Setup Instructions
Access JumpCloud Admin Console
Log in to your JumpCloud Admin Console to create a new SSO application.
- 1.Navigate to console.jumpcloud.com
- 2.Sign in with your admin credentials
- 3.Go to SSO Applications in the left sidebar
Create New SSO Application
Add a custom SAML application for SecurePie.
- 1.Click the "+ Add New Application" button
- 2.Select "Custom SAML App"
- 3.Enter "SecurePie SSO" as the Display Label
- 4.Optionally add a description and upload the SecurePie logo
- 5.Click "Configure Application"
Configure SSO Settings
Enter the SecurePie SAML configuration in JumpCloud.
- 1.In the SSO tab, enter the IdP Entity ID
- 2.Enter the SP Entity ID (Audience)
- 3.Enter the ACS URL
- 4.Set SAMLSubject NameID to "email"
- 5.Set SAMLSubject NameID Format to "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
// SAML Configuration
{
"IdP Entity ID": "jumpcloud",
"SP Entity ID": "https://securepie.com/saml/your-org-id",
"ACS URL": "https://securepie.com/saml/acs/your-org-id",
"SAMLSubject NameID": "email",
"SAMLSubject NameID Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
}Configure User Attributes
Map JumpCloud user attributes to SAML assertions.
- 1.Scroll down to "User Attribute Mapping"
- 2.Add the required attribute mappings
- 3.Use "Standard" attribute type for built-in fields
// User Attribute Mapping Service Provider → JumpCloud Attribute Attribute Name ───────────────────────────────────────────────── email → email firstName → firstname lastName → lastname // Optional: Group Membership groups → memberOf
Download IDP Certificate
Export the JumpCloud certificate for SecurePie configuration.
- 1.In the SSO tab, scroll to "IDP Certificate"
- 2.Click "Export Certificate"
- 3.Save the .pem certificate file
- 4.Note the IDP URL shown in the SSO tab
Assign Users and Groups
Bind users or groups to the SecurePie application.
- 1.Go to the "User Groups" tab in the application
- 2.Click "Add Groups" and select the groups to grant access
- 3.Alternatively, use the "Users" tab to assign individual users
- 4.Click "Activate" to enable the application
Configure SecurePie
Upload the JumpCloud certificate and configure SecurePie.
- 1.Log in to your SecurePie dashboard
- 2.Go to Settings → Identity Providers
- 3.Click "Add Provider" → "JumpCloud"
- 4.Enter the IDP URL from JumpCloud
- 5.Upload the IDP certificate (.pem file)
- 6.Click "Save" and test the connection
Advanced: Conditional Access
JumpCloud supports Conditional Access policies that can be applied to the SecurePie application for enhanced security.
Supported Policies
- • Require MFA for all users
- • Device trust requirements
- • IP-based access restrictions
- • Time-based access rules
Configuration
Set up Conditional Access policies in JumpCloud under Security → Conditional Access Policies. Apply them to the SecurePie application or user groups.
Common Issues
SAML Response signature verification failed
Ensure you've uploaded the correct IDP certificate from JumpCloud. Re-export the certificate and upload it to SecurePie.
User not authorized for application
The user must be assigned to the SecurePie application in JumpCloud, either directly or through a user group. Check the User Groups tab.
NameID format mismatch
Ensure the SAMLSubject NameID Format in JumpCloud is set to "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" and that NameID is mapped to the user's email address.
Need Help?
Our support team can help you configure JumpCloud, including advanced features like Conditional Access and device trust policies.