Introduction
This article provides a detailed guide on how to configure JumpCloud as an identity provider.
By leveraging the Security Assertion Markup Language (SAML) protocol, Harmony SASE can authenticate users through JumpCloud, ensuring a secure and efficient login process.
Steps
- Open the JumpCloud Administrator Console.
- Select SSO in the main navigation panel.
- Click Add New Application in the upper left.
- Search for "Harmony SASE" in the search bar at the bottom of the page, and click Configure.
- Choose a Display Label (usually Harmony SASE) and click the SSO tab.
- In the Single Sign-On configuration section, fill in the following information. Replace YOUR_WORKSPACE with your Harmony SASE workspace name (see attached example).
  - IDP Entity ID: Enter https://YOUR_WORKSPACE.perimeter81.com/ for the US-based platform or https://YOUR_WORKSPACE.eu.sase.checkpoint.com/ for the EU-based platform.
  - SP Entity ID: Enter urn:auth0:perimeter81:YOUR_WORKSPACE-oc for the US-based platform or urn:auth0:eu-sase-checkpoint:YOUR_WORKSPACE-oc for the EU-based platform.
  - ACS URL: Enter https://auth.perimeter81.com/login/callback?connection=YOUR_WORKSPACE-oc for the US-based platform or https://auth.eu.sase.checkpoint.com/login/callback?connection=YOUR_WORKSPACE-oc for the EU-based platform.
  - IDP URL: You can leave it as is. This value will be used later when configuring the identity provider on the Harmony SASE side.
- Make sure to leave the rest of the fields with the default values:
- Under User Groups, verify that you are giving permissions to only the groups you want.
- Click Activate.
- Click the newly created Application.
- Click the drop-down menu next to IDP Certificate Valid, then download the certificate.
Configuring JumpCloud in the Management Platform
Now, you will configure the integration from the Harmony SASE side.
- Log in to your Harmony SASE Management Platform, navigate to Settings, and then Identity Providers.
- Select + Add Provider.
- Choose SAML 2.0 Identity Providers.
- Sign-In URL: Usually, this will be https://sso.jumpcloud.com/saml2/perimeter81, unless you selected another IDP URL in the previous section of the guide.
- Add your organization domain.
- Paste or upload the certificate from JumpCloud.
- Select Done.
Recommendations
- Always replace placeholders like YOUR_WORKSPACE with the appropriate values during the setup.
- Ensure that the correct attributes and URLs are set in JumpCloud for accurate user authentication and authorization in Harmony SASE.
- Periodically review your JumpCloud configuration settings to ensure they align with any updates or changes made within the Harmony SASE platform.
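The following is an added example, not Harmony SASE or JumpCloud code: a small checker that compares the IDP Entity ID, SP Entity ID and ACS URL you entered against the US and EU values listed in the Steps section, and flags a leftover placeholder or a value taken from the other region. The function names and the sample workspace "acme" are assumptions made for illustration.

```python
# Added example, not vendor code: checks the three SSO values from the Steps
# section against the US/EU templates given on this page.
TEMPLATES = {
    "US": {
        "IDP Entity ID": "https://{ws}.perimeter81.com/",
        "SP Entity ID": "urn:auth0:perimeter81:{ws}-oc",
        "ACS URL": "https://auth.perimeter81.com/login/callback?connection={ws}-oc",
    },
    "EU": {
        "IDP Entity ID": "https://{ws}.eu.sase.checkpoint.com/",
        "SP Entity ID": "urn:auth0:eu-sase-checkpoint:{ws}-oc",
        "ACS URL": "https://auth.eu.sase.checkpoint.com/login/callback?connection={ws}-oc",
    },
}

def expected(workspace, region):
    """Build the values this page lists for a workspace and region (hypothetical helper)."""
    return {k: v.format(ws=workspace) for k, v in TEMPLATES[region].items()}

def check(workspace, region, entered):
    """Return a list of problems; an empty list means the values match the page."""
    problems = []
    other = "EU" if region == "US" else "US"
    want, wrong_region = expected(workspace, region), expected(workspace, other)
    for field, target in want.items():
        value = entered.get(field, "")
        if "YOUR_WORKSPACE" in value:
            problems.append(f"{field}: placeholder YOUR_WORKSPACE not replaced")
        elif value == target:
            continue
        elif value == wrong_region[field]:
            problems.append(f"{field}: value is for the {other} platform, not {region}")
        elif value.strip().rstrip("/") == target.rstrip("/"):
            problems.append(f"{field}: whitespace or trailing-slash difference")
        else:
            problems.append(f"{field}: expected {target!r}, got {value!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample: workspace "acme" on EU, with the ACS URL pasted from the US column.
    entered = expected("acme", "EU")
    entered["ACS URL"] = expected("acme", "US")["ACS URL"]
    for problem in check("acme", "EU", entered):
        print(problem)
```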
Troubleshooting
If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.
Support Contacts
If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.