# Single Sign-On with JumpCloud

## Step 1 - Obtain the SAML Provider Details from Updraft

> Only the Owner of an Updraft Organization can add an SSO integration.

1. Open your Account Settings as an Owner
2. Go to the Security Page
3. Click Add new SSO
4. Click CUSTOM SSO
5. You will now see your SAML configuration
6. Save these details for later

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FYreIsseqtl3EWH2lttJ6%2F_1.png?alt=media&#x26;token=ab0eec54-e92a-4353-822e-2c99432e220d" alt=""><figcaption></figcaption></figure>

## Step 2 - Add a New App in JumpCloud Identity Provider

1. Open the Admin Dashboard of JumpCloud: <https://console.jumpcloud.com/login/admin>
2. Click on **SSO Application**.
3. Click on the circular **+** button, or, if this is your first application, click **Get Started**.

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FqdfndbrLgmSNYlmVyaiW%2F_2.png?alt=media&#x26;token=601bbe46-44fb-421f-a724-17bd702afe2b" alt=""><figcaption></figcaption></figure>

4. At the bottom of the screen, click **Select** in the Custom Application tile. Then, click **Next**.

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FSQL33tQIi0DjQwxpI9kT%2F_3.png?alt=media&#x26;token=bf5f91ce-99e7-41a4-a304-fd66e0e011f9" alt=""><figcaption></figcaption></figure>

5. On the **Select Options** tab, select the following:
   * **Manage Single Sign-On (SSO)**
   * **Configure SSO with SAML**
6. Click **Next**.

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FoVaEuIDsp3Ltln81XFrW%2F_5.png?alt=media&#x26;token=60e071cd-9262-482e-9f70-d98a84265113" alt=""><figcaption></figcaption></figure>

7. On the **Enter General Info** tab:

   a. Add a name for the **Display Label**.

   b. Click **Save Application**.

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FssJcs9UZvPhSDLwSdg2g%2FA.png?alt=media&#x26;token=a5c18d43-63d8-4a3e-a2b0-3f00af16e06c" alt=""><figcaption></figcaption></figure>

8. After your application is saved, click **Configure Application**.

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FkKjIxinP7lmgmBnVsiGD%2F_7.png?alt=media&#x26;token=79a10a93-a5c2-4cad-8450-6fb7f61b10a7" alt=""><figcaption></figcaption></figure>

9. On the **SSO** tab of the configuration modal:

   a. Enter "getupdraft" in the **SP Entity ID** field.

   b. Copy the **Assertion Consumer Service URL** from Updraft that you saved earlier and paste it into the **ACS URL** field. (<https://getupdraft.com/saml2_auth/acs/>)

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FJ9gUZptMy0Yp1kqjqio0%2Fa%20(1).png?alt=media&#x26;token=e6251d8f-533d-4be6-a6d1-2a0f5d9ede21" alt=""><figcaption></figcaption></figure>

   c. Leave the **SAML Subject NameID** set to **username**.

   d. In the **SAMLSubject NameID-Format** field, select **urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified** from the dropdown menu.

   e. Set the **Signature Algorithm** to **RSA-SHA256**.

   f. Select **Sign Assertion and Response**.

   g. Select the **Declare Redirect Endpoint** checkbox.

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2Fs3eMiyjOrT4dY8EEzYTw%2Fd.png?alt=media&#x26;token=3396d3c6-6e19-4066-898b-63e31956583c" alt=""><figcaption></figcaption></figure>

   h. Add the following **User Attributes**:

      * email = email
      * username = email
      * first\_name = firstname
      * last\_name = lastname

   i. Activate **Group Attributes** and enter "groups".

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FJvvCBzVylHC6sZNavNnE%2Fh.png?alt=media&#x26;token=c6bcb55b-3be0-43cf-a9e2-b35c263a9602" alt=""><figcaption></figcaption></figure>

10. Download the **Metadata XML File**
11. Click **Save**

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FFUAiYwfK7gnaYlIoLORJ%2Fa%20(2).png?alt=media&#x26;token=4ca36b98-4ad7-4bc8-9457-e8a2db57f89d" alt=""><figcaption></figcaption></figure>

12. On the **User Groups** tab:
    * Add a user group to the SSO application. If you want to restrict who can access the SSO app, create another user group in your JumpCloud console and assign it to the SSO app.

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2F45jdVBlJRuZXgXxxLSag%2FScreenshot%202024-10-21%20151901.png?alt=media&#x26;token=1d785baa-3e72-45ae-9005-5e262a6cc6c7" alt=""><figcaption></figcaption></figure>

## Step 3 - Upload the .xml Metadata to Your Updraft Organization

1. Click **Choose File** and select your **Metadata XML file**
2. Click **Save**

<figure><img src="https://1499220200-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LDXK35bj42Hdun3u_Zb-165900098%2Fuploads%2FdXNkQfXQw7XVmKNs79zx%2FDesign%20ohne%20Titel.png?alt=media&#x26;token=146a4162-00a9-44d3-a746-09c3d590b05e" alt=""><figcaption></figcaption></figure>

## Step 4 - Verify the Integration

After completing all of the steps above, log in to your Updraft account to verify that you can now sign in with your Custom SSO (JumpCloud).

If the integration was successful:

1. When you open your subdomain.getupdraft.com/login page, you will see the Login with Custom SSO button.
2. When your assigned users click the Login with SSO button, they will be redirected to the JumpCloud login page.
3. Upon successful authentication with JumpCloud, your users will be logged in to Updraft automatically and redirected to the Updraft dashboard page.
4. A new account for your users will be created in Updraft after they log in for the first time.
5. Now you can assign projects and apps to your users.

If you encounter any issues, please refer back to the previous steps or reach out to the support team for assistance.
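When a sign-in fails, comparing a captured SAML response with the settings from step 9 of Step 2 usually shows which field is off. The following is an added example, not Updraft or JumpCloud code: it inspects a base64-decoded response for the signing, destination, audience, NameID and attribute settings. `check_response` and `sample` are hypothetical names, the sample XML is constructed, and the check is structural only (it does not validate signatures cryptographically).

```python
import xml.etree.ElementTree as ET
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Expected values from step 9; use the ACS URL Updraft showed you in Step 1.
ENTITY_ID = "getupdraft"
ACS_URL = "https://getupdraft.com/saml2_auth/acs/"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
ATTRIBUTES = {"email", "username", "first_name", "last_name", "groups"}

def check_response(xml_text):
    """List mismatches between a decoded SAML response and the step 9 settings."""
    if "<!DOCTYPE" in xml_text:
        return ["DOCTYPE present; refusing to parse"]
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion found"]
    problems = []
    # "Sign Assertion and Response": each needs its own direct Signature child.
    for label, node in (("Response", resp), ("Assertion", assertion)):
        method = node.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            problems.append(f"{label} is not signed")
        elif method.get("Algorithm") != RSA_SHA256:
            problems.append(f"{label} signature is not RSA-SHA256")
    if resp.get("Destination") != ACS_URL:
        problems.append("Destination does not match the ACS URL")
    if ENTITY_ID not in {a.text for a in assertion.iterfind(".//a:Audience", NS)}:
        problems.append("Audience does not contain the SP Entity ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID format mismatch")
    sent = {a.get("Name") for a in assertion.iterfind(".//a:Attribute", NS)}
    return problems + [f"attribute missing: {n}" for n in sorted(ATTRIBUTES - sent)]

# Constructed sample with signature values omitted; not a real JumpCloud response.
SIG = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo><ds:SignatureMethod '
       f'Algorithm="{RSA_SHA256}"/></ds:SignedInfo></ds:Signature>')
def sample(sign_response=True, attrs=sorted(ATTRIBUTES)):
    stmt = "".join(f'<a:Attribute Name="{n}"/>' for n in attrs)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{ACS_URL}">'
            f'{SIG if sign_response else ""}<a:Assertion>{SIG}<a:Subject>'
            f'<a:NameID Format="{NAMEID_FORMAT}">user@example.com</a:NameID></a:Subject>'
            f'<a:Conditions><a:AudienceRestriction><a:Audience>{ENTITY_ID}</a:Audience>'
            f'</a:AudienceRestriction></a:Conditions><a:AttributeStatement>{stmt}'
            f'</a:AttributeStatement></a:Assertion></p:Response>')
```

An empty list means the response matches the configuration; `check_response(sample(sign_response=False))` reports the case where only the assertion was signed.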
