Authentication > Integrate Okta SSO
Integrate JumpCloud SSO
Connect JumpCloud with Tallyfy using SAML-based Single Sign-On (SSO) for automatic user authentication and account creation. Setup takes about 30 minutes.
- JumpCloud administrator account
- JumpCloud SSO Package or higher (or SSO add-on)
- Tallyfy Professional or Enterprise plan
- SAML configuration values from Tallyfy Support
Here’s what you’ll do:
- Create a custom SAML application in JumpCloud
- Configure service provider settings and attribute mappings
- Exchange metadata with Tallyfy Support and enable SSO
-
Sign in to the JumpCloud Admin Portal
-
Navigate to User Authentication from the main menu
-
Select SSO Applications
-
Click the large + button to add a new application
-
In the window that appears, click Custom SAML App
-
Select the General Info tab on the New Application form
-
Enter “Tallyfy” as the Display Label
-
Optionally add a description like “Tallyfy workflow management platform”
-
Optionally upload the Tallyfy logo for easy identification
-
Click Save to proceed
First, grab Tallyfy’s service provider configuration - these tell JumpCloud where to send authentication information:
- Contact Tallyfy Support to access your organization’s profile
- Navigate to the Org Settings tab
- Click on Add Configuration Details
- Locate the default SAML values section
- You’ll need these two values:
- SP ACS URL (Assertion Consumer Service URL)
- SP Entity ID (Service Provider Entity ID)
-
In your JumpCloud SAML application, select the SSO tab
-
IDP Entity ID: This is auto-generated by JumpCloud - leave as is
-
IDP URL: This is auto-generated by JumpCloud - leave as is
-
SP Entity ID: Enter the value from Tallyfy’s “SP Entity ID” field
-
ACS URL: Enter the value from Tallyfy’s “SP ACS URL” field
-
SAMLSubject NameID: Select email from the dropdown
-
SAMLSubject NameID Format: Select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
-
Keep Sign Assertion checked (default)
-
Keep Default RelayState empty unless specified by Tallyfy Support
JumpCloud needs to know which user information to send to Tallyfy. Add these three attributes:
-
Scroll down to the User Attribute Mapping section
-
Click add attribute to add the first attribute
-
Configure the email attribute:
- Service Provider Attribute Name:
email
- JumpCloud Attribute Name: Select
email
from dropdown
- Service Provider Attribute Name:
-
Click add attribute again for the first name
-
Configure the first name attribute:
- Service Provider Attribute Name:
FirstName
- JumpCloud Attribute Name: Select
firstname
from dropdown
- Service Provider Attribute Name:
-
Click add attribute one more time for the last name
-
Configure the last name attribute:
- Service Provider Attribute Name:
LastName
- JumpCloud Attribute Name: Select
lastname
from dropdown
- Service Provider Attribute Name:
-
After adding all three attributes, click Save
Your attribute mappings should look like this:
Service Provider Attribute | JumpCloud Attribute |
---|---|
FirstName | firstname |
LastName | lastname |
-
In your JumpCloud SAML application, stay on the SSO tab
-
Look for the IDP Certificate Valid section - this shows your X.509 certificate
-
Note down these three values (you’ll send them to Tallyfy Support):
- IDP Entity ID (Identity Provider Entity ID)
- IDP URL (Identity Provider Single Sign-On URL)
- IDP Certificate (X.509 Certificate)
-
Alternatively, you can export the metadata XML file:
- Click export metadata button at the bottom of the SSO tab
- Save the XML file - you can send this entire file to Tallyfy Support
- Send the IDP Entity ID to Tallyfy Support
- Send the IDP URL to Tallyfy Support
- Send the X.509 Certificate to Tallyfy Support (or send the metadata XML file)
- Tallyfy Support will configure these values in your organization’s SAML settings
- Wait for confirmation from Tallyfy Support that configuration is complete
Once Tallyfy Support confirms your settings are configured:
-
In JumpCloud, navigate to the User Groups tab in your Tallyfy application
-
Select the user groups or individual users who should have access to Tallyfy
-
Click Save
-
Toggle the application to Active status
-
In Tallyfy (coordinating with Support), toggle the SAML activation switch to enable SSO for your organization
Once everything’s configured:
- Get the Tallyfy SSO login URL from Tallyfy Support
- Share this URL with your users who have been assigned to the JumpCloud application
- Optionally, users can also access Tallyfy through their JumpCloud user portal
Here’s what happens for your users:
- Already have a Tallyfy account? They’ll log in automatically using their JumpCloud credentials
- Don’t have an account yet? Tallyfy creates one on their first login using the attributes from JumpCloud
This shows the complete authentication process from setup to user access.
What to notice:
- Steps 1-11 show the one-time setup collaboration between your Admin, JumpCloud, and Tallyfy Support
- Steps 12-18 demonstrate the actual user authentication flow that happens every login
- Tallyfy automatically creates accounts for new users (step 17) using the email and name attributes from JumpCloud
- Users can access Tallyfy either through the SSO URL or through their JumpCloud user portal
Can’t log in? Check these things first:
- Is the user assigned to the JumpCloud application?
- Are the attribute mappings exact? (names and formats are case-sensitive)
- Is the X.509 certificate still valid in JumpCloud?
- Are users using the SSO URL or JumpCloud portal - not the regular Tallyfy login page?
- Is the application status set to Active in JumpCloud?
- Still stuck? Contact Tallyfy Support
JumpCloud has some unique characteristics compared to other identity providers:
Certificate management: JumpCloud automatically generates and manages certificates for you when you activate an application. These certificates are automatically renewed, but you should monitor their expiration dates in the JumpCloud Admin Portal.
User portal access: Once configured, users can access Tallyfy through their JumpCloud user portal alongside other applications, creating a unified access point for all company tools.
Just-in-time provisioning: JumpCloud supports JIT provisioning, which means user accounts in Tallyfy are created automatically on first login without requiring manual provisioning or SCIM integration.
Group-based access: You can control Tallyfy access by assigning JumpCloud user groups rather than individual users, making it easier to manage access for teams and departments.
Authentication > Integrate OneLogin SSO
Authentication > Integrate Microsoft Entra ID SSO
Integrations > Authentication and SSO
- 2025 Tallyfy, Inc.
- Privacy Policy
- Terms of Use
- Report Issue
- Trademarks