Yevhen Tienkaiev

Configure Grafana Cloud SAML to work with JumpCloud

JumpCloud SAML

Display Label: Grafana Cloud

IdP Entity ID: JumpCloud
SP Entity ID: https://bla.grafana.net/saml/metadata
ACS URL: https://bla.grafana.net/saml/acs
SAMLSubject NameID: email
SAMLSubject NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Signature Algorithm: RSA-SHA256
Sign Assertion: < checked >
Default Relay State: https://bla.grafana.net/
Login URL: https://bla.grafana.net/login
Declare Redirect Endpoint:  < checked >
IDP URL: https://sso.jumpcloud.com/saml2/bla1

User Attributes:
Service Provider Attribute Name: displayName ; JumpCloud Attribute Name: fullname
Service Provider Attribute Name: mail ; JumpCloud Attribute Name: email
Service Provider Attribute Name: username ; JumpCloud Attribute Name: username

GROUP ATTRIBUTES:
Include group attribute: group

Generate certificate

Use the official guide.

Grafana Cloud SAML

General settings
Display name for this SAML 2.0 integration: JumpCloud
Allow signup: < checked >
Auto login: < checked >
Single logout: < unchecked >
Identity provider initiated login: < checked >
Relay state *: https://bla.grafana.net/
Max issue delay: 90s
Metadata valid duration: 48h

Key and certificate
Signing and encryption key and certificate (required): Base64-encoded content
Private key: < upload key.pem file from step Generate certificate>
Certificate: < upload cert.pem file from step Generate certificate >
Sign requests: < checked >
Signature algorithm: RSA-SHA256 (default)

Connect Grafana with Identity Provider
IdP's metadata: URL for metadata ; Copy Metadata URL from JumpCloud

User mapping
Name attribute: displayName
Login attribute: username
Email attribute: mail
Groups attribute: < blank >
Role attribute: group
Org attribute: < blank >

Role mapping
Editor: developers
Admin: admins
Skip organization role sync: < unchecked >
Allowed organizations: < blank >
Name identifier format: Email address

Test and enable
Hit button "Save and Enable"

Nuances

  • Make sure that displayName has text, as Grafana SAML does not accept an empty value. This means that in JumpCloud you should have fullname set
  • Example of how to add multiple roles:
role_values_admin = DevOps,Admins
role_values_editor = Build,"Extra Engineering"
  • The IDP URL should be unique across all applications on your JumpCloud account
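
A pre-flight check for the user mapping, role mapping and displayName nuance above, as an added example (not code from the original post or from Grafana). It reads one user's SAML attributes and reports which role the group values would grant and which mapped attributes are empty. The function names, the exact-match comparison, the Admin-before-Editor precedence and the Viewer fallback are assumptions of this sketch; the sample XML is constructed.

```python
import csv
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ROLE_VALUES = {"Admin": "admins", "Editor": "developers"}  # Role mapping from this page
PRECEDENCE = ["Admin", "Editor"]  # assumption: the highest-privilege match wins
DEFAULT_ROLE = "Viewer"           # assumption: role when no group value matches

def _attr(name, *values):
    vals = "".join(f"<s:AttributeValue>{v}</s:AttributeValue>" for v in values)
    return f'<s:Attribute Name="{name}">{vals}</s:Attribute>'

# Constructed sample, not captured from a real IdP.
SAMPLE = (f'<s:AttributeStatement xmlns:s="{SAML}">'
          + _attr("displayName", "Ada Example") + _attr("mail", "ada@example.com")
          + _attr("username", "ada") + _attr("group", "developers", "admins")
          + "</s:AttributeStatement>")

def split_values(raw):
    """Split a role_values_* style list; quoted entries may contain spaces."""
    row = next(csv.reader([raw], skipinitialspace=True))
    return [v.strip() for v in row if v.strip()]

def attributes(xml_text):
    """Return {attribute name: [non-empty values]} from an AttributeStatement."""
    out = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML}}}Attribute"):
        vals = [(v.text or "").strip() for v in attr.iter(f"{{{SAML}}}AttributeValue")]
        out[attr.get("Name")] = [v for v in vals if v]
    return out

def check(xml_text, role_values=ROLE_VALUES):
    """Return (resulting role, list of problems) for one user's attributes."""
    attrs = attributes(xml_text)
    problems = [f"{name} is missing or empty"
                for name in ("displayName", "mail", "username") if not attrs.get(name)]
    groups = set(attrs.get("group", []))
    for role in PRECEDENCE:
        if groups & set(split_values(role_values.get(role, ""))):
            return role, problems
    return DEFAULT_ROLE, problems

if __name__ == "__main__":
    print(check(SAMPLE))
```

A user who is in both developers and admins resolves to Admin here, so review JumpCloud group membership before enabling the integration.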