JumpCloud SAML
Display Label: Grafana Cloud
IdP Entity ID: JumpCloud
SP Entity ID: https://bla.grafana.net/saml/metadata
ACS URL: https://bla.grafana.net/saml/acs
SAMLSubject NameID: email
SAMLSubject NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Signature Algorithm: RSA-SHA256
Sign Assertion: < checked >
Default Relay State: https://bla.grafana.net/
Login URL: https://bla.grafana.net/login
Declare Redirect Endpoint: < checked >
IDP URL: https://sso.jumpcloud.com/saml2/bla1
User Attributes:
Service Provider Attribute Name: displayName ; JumpCloud Attribute Name: fullname
Service Provider Attribute Name: mail ; JumpCloud Attribute Name: email
Service Provider Attribute Name: username ; JumpCloud Attribute Name: username
GROUP ATTRIBUTES:
Include group attribute: group
Generate certificate
Use the official guide
Grafana Cloud SAML
General settings
Display name for this SAML 2.0 integration: JumpCloud
Allow signup: < checked >
Auto login: < checked >
Single logout: < unchecked >
Identity provider initiated login: < checked >
Relay state *: https://bla.grafana.net/
Max issue delay: 90s
Metadata valid duration: 48h
Key and certificate
Signing and encryption key and certificate (required): Base64-encoded content
Private key: < upload key.pem file from step Generate certificate >
Certificate: < upload cert.pem file from step Generate certificate >
Sign requests: < checked >
Signature algorithm: RSA-SHA256 (default)
Connect Grafana with Identity Provider
IdP's metadata: URL for metadata ; Copy Metadata URL from JumpCloud
User mapping
Name attribute: displayName
Login attribute: username
Email attribute: mail
Groups attribute: < blank >
Role attribute: group
Org attribute: < blank >
Role mapping
Editor: developers
Admin: admins
Skip organization role sync: < unchecked >
Allowed organizations: < blank >
Name identifier format: Email address
Test and enable
Click the "Save and Enable" button
Nuances
- Make sure that displayName has a value, as Grafana SAML does not accept an empty value. This means that in JumpCloud you should have fullname set.
- Example of how to add multiple roles:
  role_values_admin = DevOps,Admins
  role_values_editor = Build,"Extra Engineering"
- IDP URL should be unique across all applications on your JumpCloud account.
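
A preflight check for the first two nuances above, added here as an example (it is not code from the original post, Grafana or JumpCloud): it reads a constructed AttributeStatement, flags empty displayName, mail or username, and resolves the role from the group values using the quoted role_values syntax. The function names are hypothetical, and exact-match group names, Admin taking precedence over Editor, and a Viewer fallback are assumptions.

```python
import csv
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an AttributeStatement using the attribute names
# configured on this page (all values are made up).
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="displayName"><saml:AttributeValue>Ada Example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="mail"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="username"><saml:AttributeValue>ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="group">
    <saml:AttributeValue>Extra Engineering</saml:AttributeValue>
    <saml:AttributeValue>Admins</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def split_role_values(raw):
    """Split 'Build,"Extra Engineering"' into ['Build', 'Extra Engineering']."""
    row = next(csv.reader([raw], skipinitialspace=True), [])
    return [v.strip() for v in row if v.strip()]

def read_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from an AttributeStatement."""
    # Stdlib parser is fine for the constructed sample; use a hardened
    # parser such as defusedxml for XML you did not write yourself.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def preflight(xml_text, role_values_admin, role_values_editor):
    """Return (problems, role) for one user's attributes."""
    attrs = read_attributes(xml_text)
    problems = [f"{name} is missing or empty"
                for name in ("displayName", "mail", "username")
                if not attrs.get(name)]
    groups = set(attrs.get("group", []))
    if groups & set(split_role_values(role_values_admin)):
        role = "Admin"   # assumption: Admin wins when both lists match
    elif groups & set(split_role_values(role_values_editor)):
        role = "Editor"
    else:
        role = "Viewer"  # assumption: the org default role is Viewer
    return problems, role
```

The check only inspects attribute content; it does not verify the assertion signature.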