Integrate JumpCloud SSO

JumpCloud SAML/SSO integration

Connect JumpCloud with Tallyfy using SAML-based SSO for automatic user login and account creation. Setup takes about 30 minutes.

Coordination required

SSO setup requires exchanging configuration between your organization and Tallyfy. You can’t complete this on your own - submit a support ticket to get started.

Requirements

• JumpCloud administrator account
• JumpCloud SSO Package or higher (or SSO add-on)
• Tallyfy Pro or Enterprise plan
• SAML configuration values from Tallyfy Support

What you’ll do

1. Create a custom SAML application in JumpCloud
2. Configure service provider settings and attribute mappings
3. Exchange metadata with Tallyfy Support and enable SSO

Phase 1 - Create JumpCloud SAML application

Step 1 - Access SSO applications

1. Sign in to the JumpCloud Admin Portal

2. Go to Access from the main menu

3. Select SSO Applications

4. Click the + button to add a new application

   

5. Click Custom SAML App

   

Step 2 - Configure general info

1. Select the General Info tab

2. Enter “Tallyfy” as the Display Label

3. Optionally add a description and upload the Tallyfy logo

4. Click Save

   

Phase 2 - Configure SAML settings

Step 1 - Get Tallyfy SAML values

Tallyfy’s service provider configuration tells JumpCloud where to send authentication data.

1. Contact Tallyfy Support to access your organization’s profile
2. Go to the Org Settings tab
3. Click Add Configuration Details
4. Locate the default SAML values section
5. You’ll need two values:
   • SP ACS URL (Assertion Consumer Service URL)
   • SP Entity ID (Service Provider Entity ID)

Step 2 - Enter service provider details in JumpCloud

1. In your JumpCloud SAML application, select the SSO tab

2. IDP Entity ID - auto-generated by JumpCloud, leave as is

3. IDP URL - auto-generated by JumpCloud, leave as is

4. SP Entity ID - enter the value from Tallyfy’s “SP Entity ID” field

5. ACS URL - enter the value from Tallyfy’s “SP ACS URL” field

   

6. SAMLSubject NameID - select email from the dropdown

7. SAMLSubject NameID Format - select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

8. Keep Sign Assertion checked (default)

9. Leave Default RelayState empty unless Tallyfy Support says otherwise

Step 3 - Configure attribute statements

JumpCloud needs to know which user info to send to Tallyfy. Add these three attributes:

1. Scroll to the User Attribute Mapping section

2. Click add attribute and configure the email attribute:

   • Service Provider Attribute Name: email
   • JumpCloud Attribute Name: Select email

3. Click add attribute again for the first name:

   • Service Provider Attribute Name: FirstName
   • JumpCloud Attribute Name: Select firstname

4. Click add attribute one more time for the last name:

   • Service Provider Attribute Name: LastName
   • JumpCloud Attribute Name: Select lastname

   

5. Click Save

These names are case-sensitive. Your mappings should look like this:

Service Provider Attribute	JumpCloud Attribute
email	email
FirstName	firstname
LastName	lastname

Phase 3 - Configure Tallyfy with JumpCloud info

Step 1 - Get JumpCloud SAML metadata

1. In your JumpCloud SAML application, stay on the SSO tab

2. Find the IDP Certificate Valid section

3. Note these three values (you’ll send them to Tallyfy Support):

   • IDP Entity ID
   • IDP URL (Single Sign-On URL)
   • IDP Certificate (X.509 Certificate)

   

4. Alternatively, click export metadata at the bottom of the SSO tab and save the XML file to send to Tallyfy Support instead

Step 2 - Send info to Tallyfy Support

1. Send the IDP Entity ID, IDP URL, and X.509 Certificate to Tallyfy Support (or send the metadata XML file)
2. Tallyfy Support will configure these values in your organization’s SAML settings
3. Wait for confirmation that configuration is complete

Step 3 - Activate and assign users

Once Tallyfy Support confirms your settings are configured:

1. In JumpCloud, go to the User Groups tab in your Tallyfy application

2. Select the user groups or individual users who should access Tallyfy

3. Click Save

4. Toggle the application to Active

   

5. Coordinate with Tallyfy Support to toggle the SAML activation switch for your organization

User provisioning and access

Once everything’s configured:

1. Get the Tallyfy SSO login URL from Tallyfy Support
2. Share this URL with users assigned to the JumpCloud application
3. Users can also access Tallyfy through their JumpCloud user portal

What happens at login:

• Existing Tallyfy account - they’re logged in automatically with JumpCloud credentials
• No account yet - Tallyfy creates one on first login using the email, first name, and last name from JumpCloud

SSO authentication flow

• Steps 1-11 are the one-time setup between your Admin, JumpCloud, and Tallyfy Support
• Steps 12-18 happen every time a user logs in
• Tallyfy auto-creates accounts for new users (step 17) using email and name attributes from JumpCloud

Troubleshooting

Can’t log in? Check these first:

• Is the user assigned to the JumpCloud application?
• Are attribute mappings exact? Names are case-sensitive - FirstName not firstname
• Is the X.509 certificate still valid in JumpCloud?
• Are users going to the SSO URL or JumpCloud portal - not the regular Tallyfy login page?
• Is the application set to Active in JumpCloud?
• Still stuck? Contact Tallyfy Support.

JumpCloud-specific notes

Certificate management - JumpCloud auto-generates and manages certificates when you activate an application. Monitor expiration dates in the JumpCloud Admin Portal.

User portal access - Users can access Tallyfy through their JumpCloud portal alongside other apps.

Just-in-time provisioning - User accounts in Tallyfy are created automatically on first SSO login. No manual provisioning or SCIM setup needed.

Group-based access - Control Tallyfy access by assigning JumpCloud user groups rather than individual users.

SSO with AI tools

Want to extend JumpCloud identity management to AI-powered workflow tools? Check out SSO patterns with MCP servers for more.

Related articles

Authentication > Integrate Okta SSO

Set up Okta SAML/SSO with Tallyfy for single sign-on and automatic user provisioning by creating a SAML app in Okta and exchanging config with Tallyfy Support.

Authentication > Integrate OneLogin SSO

Set up OneLogin SAML/SSO with Tallyfy to let your team sign in with OneLogin credentials - covers creating a SAML connector, mapping attributes, and exchanging metadata with Tallyfy Support.

Authentication > Integrate Microsoft Entra ID SSO

Connect Microsoft Entra ID to Tallyfy for SSO by creating an enterprise app in Azure Portal and configuring SAML attribute mappings.

Integrations > Authentication and SSO

Tallyfy offers free SSO for paid plans - connect to Microsoft Entra ID, Google Workspace, Okta, OneLogin or JumpCloud with SSO-only enforcement and automatic account provisioning on first login.

Was this helpful?

YesNo