How to integrate JumpCloud with Azure AD?

Recently, as part of one of the projects, we had the opportunity to integrate JumpCloud with Azure AD. The integration was aimed at facilitating user management and introducing the so-called SSO (Single Sign-On) with one authentication point. And today, we’d like to share this knowledge with you.

What is Single Sign-On?

SSO is an authentication mechanism that allows a user to log in to many independent IT systems with a single identity. In this case, a single authentication grants access to multiple applications by passing an authentication token to the configured applications.

The benefits of using Single Sign-On are primarily increased security and easier user management. With SSO, users have to remember fewer passwords, which translates directly into more complex, non-duplicated ones. Thanks to one point of authentication, administrators get easier login verification (logs in one place) as well as simpler user management (fewer password reset requests, and greater certainty that all access is revoked when an account is disabled).

Preparing JumpCloud as an authentication point

Coming back to our case: we selected JumpCloud as the authentication point because it allowed us to introduce MFA (Multi-Factor Authentication) for all users at no additional cost, and because of its clear user management interface.

Step 1

We started the entire process by verifying users in both Azure AD (AAD) and JumpCloud. It was important to make sure that every user had the email attribute filled in correctly in both tenants.

Step 2

The next step was creating a new technical account with Global Admin privileges in the AAD tenant. This account is responsible, among other things, for the synchronization process between the tenants.

Step 3

Next, we set *.onmicrosoft.com as the primary AAD domain.

Step 4

On the JumpCloud side, we created a dedicated group so that we could control exactly which accounts would be synchronized.

Launching the service

With the preparations complete, we can turn on the service.

  • After logging into the JumpCloud administration console, go to: User Authentication > SSO, click the “+” sign and select the appropriate application for which you want to add SSO.
  • At this point, which may be a bit confusing, choose Microsoft 365 (there is no direct indication of Azure AD).
  • In the SSO tab, fill in the name of your domain in the appropriate places (IdP Entity ID and Login URL) and then indicate the groups to be synchronized.
  • After activating SSO, enter your application into the edit mode and download the certificate generated by JumpCloud.
  • Staying in the console, go to Directory Integrations > Cloud Directory Integrations, click “+” and, after selecting M365 / Azure AD, configure the attributes and users for synchronization.
  • At this point, all that remains is to federate the domain between AAD and JumpCloud. For this purpose, we use the following PowerShell script (MSOnline module):

# Sign in to the AAD tenant with the technical Global Admin account created in Step 2
$cred = Get-Credential
Connect-MsolService -Credential $cred

$domain = "domena"          # placeholder: the domain to federate (the one entered as IdP Entity ID in JumpCloud)
$idpUrl = "https://sso.jumpcloud.com/saml2/office365"
$logoutUrl = "https://console.jumpcloud.com/userconsole/"
$certificate = "certyfikat" # placeholder: base64 body of the JumpCloud signing certificate, whitespace removed
$issuerUri = "domena"       # placeholder: must match the IdP Entity ID configured in JumpCloud

# Switch the domain from managed to federated authentication, pointing both the
# passive (browser) and active (client) SAML endpoints at JumpCloud
Set-MsolDomainAuthentication -DomainName $domain -FederationBrandName $domain -Authentication Federated -IssuerUri $issuerUri -LogOffUri $logoutUrl -PassiveLogOnUri $idpUrl -ActiveLogOnUri $idpUrl -SigningCertificate $certificate -PreferredAuthenticationProtocol SAMLP

  • For $certificate, paste the contents of the certificate downloaded from JumpCloud, first removing all whitespace characters.
  • After executing the script, we can check whether federation is set with the command: Get-MsolDomain
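As an added example (not part of the original post), the following PowerShell prepares the $certificate value from the certificate file downloaded from JumpCloud, sanity-checks it before federating, and afterwards reads the federation settings back to confirm they match. The file path and the "domena" domain value are placeholders.

```powershell
# Path to the signing certificate downloaded from the JumpCloud SSO application (placeholder)
$certPath = "C:\path\to\jumpcloud-idp-cert.pem"

# Strip the PEM armour and every whitespace character, leaving the bare base64 body,
# which is the form Set-MsolDomainAuthentication expects for -SigningCertificate
$raw = Get-Content -Path $certPath -Raw
$certificate = ($raw -replace '-----(BEGIN|END) CERTIFICATE-----', '') -replace '\s', ''

# Check the value before federating: it must decode to a valid X.509 certificate,
# and its expiry date tells you when the federation trust will need a new certificate
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($certificate))
Write-Host "Subject : $($x509.Subject)"
Write-Host "Expires : $($x509.NotAfter)"
if ($x509.NotAfter -lt (Get-Date)) { throw "Signing certificate has already expired" }

# After Set-MsolDomainAuthentication has run, read the federation settings back
# and confirm each one points at JumpCloud with the certificate we supplied
$domain = "domena"   # placeholder: same value as in the federation script
$settings = Get-MsolDomainFederationSettings -DomainName $domain
$checks = @{
    'IssuerUri matches domain'            = ($settings.IssuerUri -eq $domain)
    'PassiveLogOnUri points to JumpCloud' = ($settings.PassiveLogOnUri -eq "https://sso.jumpcloud.com/saml2/office365")
    'SigningCertificate matches file'     = ($settings.SigningCertificate -eq $certificate)
}
foreach ($name in $checks.Keys) {
    $status = if ($checks[$name]) { "OK" } else { "MISMATCH" }
    Write-Host ("{0,-40} {1}" -f $name, $status)
}
```

A MISMATCH on the signing certificate or the passive logon URI means users will be redirected to the wrong identity provider or their SAML assertions will be rejected, so resolve it before announcing the change.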

Finishing up

If everything has been done correctly, we need to be patient. According to the documentation, the synchronization process may take up to 2 hours, and in extreme cases up to 24 hours.

To sum up, we managed to integrate JumpCloud with AAD in a fairly simple way and thus improve the security and comfort of both users and administrators.

iteo is an international technology consultancy & software engineering company, founded in Poland. Visit us on www.iteo.com
