Skip to content

Integrate JumpCloud SSO

JumpCloud SAML/SSO Integration

Connect JumpCloud with Tallyfy using SAML-based Single Sign-On (SSO) for automatic user authentication and account creation. Setup takes about 30 minutes.

Requirements

  • JumpCloud administrator account
  • JumpCloud SSO Package or higher (or SSO add-on)
  • Tallyfy Professional or Enterprise plan
  • SAML configuration values from Tallyfy Support

Implementation process overview

Here’s what you’ll do:

  1. Create a custom SAML application in JumpCloud
  2. Configure service provider settings and attribute mappings
  3. Exchange metadata with Tallyfy Support and enable SSO

Phase 1: Create JumpCloud SAML application

Step 1: Access SSO applications

  1. Sign in to the JumpCloud Admin Portal

  2. Navigate to User Authentication from the main menu

  3. Select SSO Applications

  4. Click the large + button to add a new application

    Add SSO Application

  5. In the window that appears, click Custom SAML App

    Select Custom SAML App

Step 2: Configure general information

  1. Select the General Info tab on the New Application form

  2. Enter “Tallyfy” as the Display Label

  3. Optionally add a description like “Tallyfy workflow management platform”

  4. Optionally upload the Tallyfy logo for easy identification

  5. Click Save to proceed

    Configure general information

Phase 2: Configure SAML settings

Step 1: Obtain Tallyfy SAML values

First, grab Tallyfy’s service provider configuration - these tell JumpCloud where to send authentication information:

  1. Contact Tallyfy Support to access your organization’s profile
  2. Navigate to the Org Settings tab
  3. Click on Add Configuration Details
  4. Locate the default SAML values section
  5. You’ll need these two values:
    • SP ACS URL (Assertion Consumer Service URL)
    • SP Entity ID (Service Provider Entity ID)

Step 2: Enter service provider details in JumpCloud

  1. In your JumpCloud SAML application, select the SSO tab

  2. IDP Entity ID: This is auto-generated by JumpCloud - leave as is

  3. IDP URL: This is auto-generated by JumpCloud - leave as is

  4. SP Entity ID: Enter the value from Tallyfy’s “SP Entity ID” field

  5. ACS URL: Enter the value from Tallyfy’s “SP ACS URL” field

    Configure SP settings

  6. SAMLSubject NameID: Select email from the dropdown

  7. SAMLSubject NameID Format: Select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

  8. Keep Sign Assertion checked (default)

  9. Keep Default RelayState empty unless specified by Tallyfy Support

Step 3: Configure attribute statements

JumpCloud needs to know which user information to send to Tallyfy. Add these three attributes:

  1. Scroll down to the User Attribute Mapping section

  2. Click add attribute to add the first attribute

  3. Configure the email attribute:

    • Service Provider Attribute Name: email
    • JumpCloud Attribute Name: Select email from dropdown
  4. Click add attribute again for the first name

  5. Configure the first name attribute:

    • Service Provider Attribute Name: FirstName
    • JumpCloud Attribute Name: Select firstname from dropdown
  6. Click add attribute one more time for the last name

  7. Configure the last name attribute:

    • Service Provider Attribute Name: LastName
    • JumpCloud Attribute Name: Select lastname from dropdown

    Attribute mapping configuration

  8. After adding all three attributes, click Save

Your attribute mappings should look like this:

Service Provider AttributeJumpCloud Attribute
emailemail
FirstNamefirstname
LastNamelastname

Phase 3: Configure Tallyfy with JumpCloud information

Step 1: Obtain JumpCloud SAML metadata

  1. In your JumpCloud SAML application, stay on the SSO tab

  2. Look for the IDP Certificate Valid section - this shows your X.509 certificate

  3. Note down these three values (you’ll send them to Tallyfy Support):

    • IDP Entity ID (Identity Provider Entity ID)
    • IDP URL (Identity Provider Single Sign-On URL)
    • IDP Certificate (X.509 Certificate)

    JumpCloud SAML metadata

  4. Alternatively, you can export the metadata XML file:

    • Click export metadata button at the bottom of the SSO tab
    • Save the XML file - you can send this entire file to Tallyfy Support

Step 2: Provide information to Tallyfy Support

  1. Send the IDP Entity ID to Tallyfy Support
  2. Send the IDP URL to Tallyfy Support
  3. Send the X.509 Certificate to Tallyfy Support (or send the metadata XML file)
  4. Tallyfy Support will configure these values in your organization’s SAML settings
  5. Wait for confirmation from Tallyfy Support that configuration is complete

Step 3: Activate and assign users

Once Tallyfy Support confirms your settings are configured:

  1. In JumpCloud, navigate to the User Groups tab in your Tallyfy application

  2. Select the user groups or individual users who should have access to Tallyfy

  3. Click Save

  4. Toggle the application to Active status

    Activate application

  5. In Tallyfy (coordinating with Support), toggle the SAML activation switch to enable SSO for your organization

User provisioning and access

Once everything’s configured:

  1. Get the Tallyfy SSO login URL from Tallyfy Support
  2. Share this URL with your users who have been assigned to the JumpCloud application
  3. Optionally, users can also access Tallyfy through their JumpCloud user portal

Here’s what happens for your users:

  • Already have a Tallyfy account? They’ll log in automatically using their JumpCloud credentials
  • Don’t have an account yet? Tallyfy creates one on their first login using the attributes from JumpCloud

SSO authentication flow

This shows the complete authentication process from setup to user access.

Diagram

What to notice:

  • Steps 1-11 show the one-time setup collaboration between your Admin, JumpCloud, and Tallyfy Support
  • Steps 12-18 demonstrate the actual user authentication flow that happens every login
  • Tallyfy automatically creates accounts for new users (step 17) using the email and name attributes from JumpCloud
  • Users can access Tallyfy either through the SSO URL or through their JumpCloud user portal

Troubleshooting

Can’t log in? Check these things first:

  • Is the user assigned to the JumpCloud application?
  • Are the attribute mappings exact? (names and formats are case-sensitive)
  • Is the X.509 certificate still valid in JumpCloud?
  • Are users using the SSO URL or JumpCloud portal - not the regular Tallyfy login page?
  • Is the application status set to Active in JumpCloud?
  • Still stuck? Contact Tallyfy Support

JumpCloud-specific notes

JumpCloud has some unique characteristics compared to other identity providers:

Certificate management: JumpCloud automatically generates and manages certificates for you when you activate an application. These certificates are automatically renewed, but you should monitor their expiration dates in the JumpCloud Admin Portal.

User portal access: Once configured, users can access Tallyfy through their JumpCloud user portal alongside other applications, creating a unified access point for all company tools.

Just-in-time provisioning: JumpCloud supports JIT provisioning, which means user accounts in Tallyfy are created automatically on first login without requiring manual provisioning or SCIM integration.

Group-based access: You can control Tallyfy access by assigning JumpCloud user groups rather than individual users, making it easier to manage access for teams and departments.

Authentication > Integrate Okta SSO

Okta SAML/SSO integration with Tallyfy enables automatic user authentication and account creation through a three-phase setup process involving creating an Okta SAML application configuring settings in both systems and coordinating with Tallyfy Support to exchange configuration metadata for seamless single sign-on within 30 minutes.

Authentication > Integrate OneLogin SSO

OneLogin SAML/SSO integration with Tallyfy enables automatic user authentication through OneLogin credentials via a collaborative setup process that involves creating a SAML application connector configuring authentication settings and working with Tallyfy Support to exchange configuration details for seamless single sign-on with automatic user provisioning.

Authentication > Integrate Microsoft Entra ID SSO

Microsoft Entra ID SSO integration with Tallyfy provides seamless single sign-on authentication and automatic user provisioning through a collaborative 30-minute setup process that involves creating an enterprise application configuring SAML settings and coordinating with Tallyfy Support to exchange configuration details.

Integrations > Authentication and SSO

Tallyfy offers free SSO integration with enterprise identity providers like Microsoft Entra ID Google Workspace Okta OneLogin and JumpCloud allowing teams to use corporate credentials for secure authentication while also enabling SSO-based approvals as a cost-effective alternative to traditional e-signature solutions for internal company processes.