DEV Community

Yevhen Tienkaiev

Configure Grafana Cloud SAML to work with JumpCloud

JumpCloud SAML

Display Label: Grafana Cloud

IdP Entity ID: JumpCloud
SP Entity ID: https://bla.grafana.net/saml/metadata
ACS URL: https://bla.grafana.net/saml/acs
SAMLSubject NameID: email
SAMLSubject NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Signature Algorithm: RSA-SHA256
Sign Assertion: < checked >
Default Relay State: https://bla.grafana.net/
Login URL: https://bla.grafana.net/login
Declare Redirect Endpoint: < checked >
IDP URL: https://sso.jumpcloud.com/saml2/bla1

User Attributes:
Service Provider Attribute Name: displayName ; JumpCloud Attribute Name: fullname
Service Provider Attribute Name: mail ; JumpCloud Attribute Name: email
Service Provider Attribute Name: username ; JumpCloud Attribute Name: username

GROUP ATTRIBUTES:
Include group attribute: group

Generate certificate

Generate key.pem and cert.pem as described in the official Grafana SAML guide; both files are uploaded in the "Key and certificate" step below.
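One way to do this step reproducibly and to check the pair before uploading it (an added example, not code from the original post, Grafana or JumpCloud; it drives the openssl CLI that the official guide also uses, and the subject name, lifetime and output directory are assumptions to adjust for your setup):

```python
"""Generate the key pair for Grafana's "Key and certificate" step and verify
it before uploading.

Added example, not code from the original post, Grafana or JumpCloud. It
drives the openssl CLI (the tool the official guide uses); the subject name,
lifetime and output directory are assumptions to adjust for your setup.
"""
import hashlib
import subprocess
import tempfile
from pathlib import Path


def generate_saml_keypair(out_dir=None, subject="/CN=grafana-saml", days=365, bits=4096):
    """Write key.pem and cert.pem and return their paths.

    -nodes leaves the private key unencrypted, which is what Grafana needs
    when the PEM is pasted in. Keep key.pem out of source control: it is
    the SP signing key used for "Sign requests".
    """
    out = Path(out_dir) if out_dir else Path(tempfile.mkdtemp(prefix="grafana-saml-"))
    key, cert = out / "key.pem", out / "cert.pem"
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", f"rsa:{bits}",
         "-keyout", str(key), "-out", str(cert),
         "-days", str(days), "-nodes", "-subj", subject],
        check=True, capture_output=True,
    )
    key.chmod(0o600)  # private key readable by the owner only
    return {"key": str(key), "cert": str(cert)}


def _modulus(kind, path):
    """RSA modulus as printed by `openssl rsa|x509 -noout -modulus`."""
    res = subprocess.run(["openssl", kind, "-in", path, "-noout", "-modulus"],
                         check=True, capture_output=True, text=True)
    return res.stdout.strip()


def keypair_matches(key_path, cert_path):
    """True when cert.pem carries the public half of key.pem.

    Uploading a key and a certificate from different runs is a common cause
    of signature failures once "Sign requests" is enabled.
    """
    return _modulus("rsa", key_path) == _modulus("x509", cert_path)


def cert_sha256_fingerprint(cert_path):
    """SHA-256 fingerprint of the DER-encoded certificate, to compare against
    what the SP metadata or the IdP's certificate view shows after upload."""
    der = subprocess.run(["openssl", "x509", "-in", cert_path, "-outform", "DER"],
                         check=True, capture_output=True).stdout
    return hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    paths = generate_saml_keypair(out_dir=".")
    assert keypair_matches(paths["key"], paths["cert"])
    print("key:", paths["key"], "cert:", paths["cert"])
    print("sha256:", cert_sha256_fingerprint(paths["cert"]))
```

Run it once, upload the two PEM files in the next step, and keep the printed fingerprint to confirm the certificate Grafana publishes in its SP metadata is the one you generated.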

Grafana Cloud SAML

General settings
Display name for this SAML 2.0 integration: JumpCloud
Allow signup: < checked >
Auto login: < checked >
Single logout: < unchecked >
Identity provider initiated login: < checked >
Relay state *: https://bla.grafana.net/
Max issue delay: 90s
Metadata valid duration: 48h

Key and certificate
Signing and encryption key and certificate (required): Base64-encoded content
Private key: < upload key.pem file from step Generate certificate>
Certificate: < upload cert.pem file from step Generate certificate >
Sign requests: < checked >
Signature algorithm: RSA-SHA256 (default)

Connect Grafana with Identity Provider
IdP's metadata: URL for metadata (copy the Metadata URL from the JumpCloud application)

User mapping
Name attribute: displayName
Login attribute: username
Email attribute: mail
Groups attribute: < blank >
Role attribute: group
Org attribute: < blank >

Role mapping
Editor: developers
Admin: admins
Skip organization role sync: < unchecked >
Allowed organizations: < blank >
Name identifier format: Email address

Test and enable
Click "Save and Enable".

Nuances

  • Make sure displayName is never empty: Grafana SAML rejects an assertion whose name attribute is blank, so every JumpCloud user who logs in must have fullname set.
  • Example of mapping several JumpCloud groups to one Grafana role (grafana.ini syntax under [auth.saml]; quote values that contain spaces):
role_values_admin = DevOps,Admins
role_values_editor = Build,"Extra Engineering"
  • The IDP URL suffix (the part after https://sso.jumpcloud.com/saml2/) must be unique across all applications in your JumpCloud account.
  • Identity provider initiated login is disabled by default in Grafana because an unsolicited Response cannot be tied to a request this SP issued; leave it unchecked unless users really need to start from the JumpCloud console.
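A dry run of the "User mapping" and "Role mapping" settings above against a JumpCloud-style assertion, covering the empty displayName and multi-value role cases from these nuances. This is an added example, not code from the original post or from Grafana: the assertion is constructed by hand (no signature, no conditions), the role precedence and the Viewer fallback are assumptions matching Grafana's documented defaults, and the matching mirrors the documented config semantics rather than Grafana's own implementation.

```python
"""Dry-run of the Grafana "User mapping" and "Role mapping" settings against
a JumpCloud-style assertion: pull the mapped attributes, reject an empty
displayName, and resolve the group attribute to an org role using the same
comma-separated, quoted list syntax as role_values_admin / role_values_editor.

Added example, not code from the original post or from Grafana. The
assertion is constructed by hand (no signature, no conditions); the role
precedence and Viewer fallback are assumptions matching Grafana's documented
defaults, and the matching mirrors the documented semantics, not Grafana's
own implementation.
"""
import csv
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# "User mapping" as configured in Grafana: Grafana field -> SAML attribute name.
USER_MAPPING = {"name": "displayName", "login": "username", "email": "mail", "role": "group"}

# "Role mapping" in grafana.ini syntax, same values as the Nuances example.
ROLE_VALUES = {"Admin": "DevOps,Admins", "Editor": 'Build,"Extra Engineering"'}
ROLE_PRECEDENCE = ["Admin", "Editor"]  # highest first; no match falls back to Viewer


def parse_role_values(spec):
    """Split a role_values_* list: commas separate, quotes protect spaces."""
    return [v.strip() for v in next(csv.reader([spec])) if v.strip()]


def build_assertion(display_name, mail, username, groups):
    """Constructed stand-in for the Assertion JumpCloud sends, using the
    attribute names from the post. Real assertions are signed."""
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAML}}}Assertion", Version="2.0", ID="_example")
    subj = ET.SubElement(root, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID",
                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress").text = mail
    stmt = ET.SubElement(root, f"{{{SAML}}}AttributeStatement")
    for name, values in (("displayName", [display_name]), ("mail", [mail]),
                         ("username", [username]), ("group", groups)):
        attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name)
        for v in values:
            ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = v
    return ET.tostring(root, encoding="unicode")


def attributes(assertion_xml):
    """SAML attribute name -> list of values from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        out[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return out


def resolve_role(groups):
    """First role in precedence order whose value list intersects the user's groups."""
    for role in ROLE_PRECEDENCE:
        if set(groups) & set(parse_role_values(ROLE_VALUES[role])):
            return role
    return "Viewer"


def map_user(attrs):
    """Apply the user mapping; raise on the empty-displayName case from the Nuances."""
    name = (attrs.get(USER_MAPPING["name"]) or [""])[0].strip()
    if not name:
        raise ValueError("displayName is empty: set fullname on the JumpCloud user")
    login = (attrs.get(USER_MAPPING["login"]) or [""])[0].strip()
    email = (attrs.get(USER_MAPPING["email"]) or [""])[0].strip()
    if not login or not email:
        raise ValueError("username and mail must both be present")
    return {"name": name, "login": login, "email": email,
            "role": resolve_role(attrs.get(USER_MAPPING["role"], []))}


if __name__ == "__main__":
    good = build_assertion("Jane Doe", "jane@example.com", "jane", ["Extra Engineering", "Build"])
    print(map_user(attributes(good)))  # Editor, matched through the quoted group name
    try:
        map_user(attributes(build_assertion("", "x@example.com", "x", ["Admins"])))
    except ValueError as err:
        print("rejected:", err)
```

To test against a real login, take the base64 SAMLResponse from the browser's POST to /saml/acs, decode it, and feed the Assertion element to attributes(); a user who lands as Viewer unexpectedly usually has a group value that differs from the role_values list by case or whitespace.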
