Skip to main content

JumpCloud SSO

Set up JumpCloud as your identity provider for Webrix.

Prerequisites

  • An active JumpCloud account with administrative privileges
  • A Webrix account with administrative access

Supported features

SSO Features

  • SP-initiated SSO

SCIM Features

  • Import Users
  • Create Users
  • Update User Attributes
  • Deactivate Users
  • Group Push

Configuration steps

Configure SSO

  1. In JumpCloud Admin Console, go to SSO and create a Custom OIDC App Connector

  2. Enter the application details:

    • Application label: Enter a name for your app (recommended: "Webrix")

  3. Set the Redirect URI to:

    • For SaaS deployments: https://{your-webrix-org}.mcp-s.com/api/auth/callback/jumpcloud
    • For On-Premise deployments: {your-connect-url}/api/auth/callback/jumpcloud

  4. Under Client Authentication Type, select Client Secret Basic

    JumpCloud Settings

  5. Under Attribute Mapping (optional), select both Email and Profile standard scopes

    JumpCloud Attributes

  6. Copy the Client ID and Client Secret from JumpCloud

  7. Open a new browser tab and go to your Webrix Admin Console at https://app.webrix.ai/admin/settings

  8. Navigate to SettingsAuthentication

  9. Select Provider: JumpCloud from the dropdown

  10. Enter the following values:

    • Client ID: Paste the Client ID from step 6
    • Client Secret: Paste the Client Secret from step 6

  11. Click Save Changes

Your SSO configuration is now complete.

Assign users or groups

  1. Return to the JumpCloud Admin Console
  2. In the Webrix app, navigate to the User Groups tab
  3. Select the user groups who should have access to Webrix
  4. Click Save

SP-initiated SSO

Users can sign in to Webrix by starting from the Webrix dashboard:

  1. Navigate to your Webrix dashboard at https://{your-webrix-org}.mcp-s.com
  2. You'll be automatically redirected to JumpCloud to authenticate
  3. Enter your JumpCloud credentials (if not already signed in to JumpCloud)
  4. After successful authentication, you'll be redirected back to the Webrix dashboard

Configure SCIM provisioning

If you want to automatically provision and manage users from JumpCloud to Webrix, follow these steps:

Generate API token in Webrix

  1. In your Webrix Admin Console, navigate to https://app.webrix.ai/admin/api-tokens

  2. Click Generate Token

  3. Enter a descriptive name for the token (for example, "JumpCloud SCIM")

  4. Click Generate

  5. Copy the API Token (it starts with wxt_...)

    Important: Save this token securely. You won't be able to see it again.

Configure SCIM in JumpCloud

  1. Return to the JumpCloud Admin Console
  2. Navigate to the Webrix application you created earlier
  3. Click on the Identity Management tab
  4. Click Configure in the SCIM section
  5. Enter the following values:
    • Base URL:
      • For SaaS deployments: https://app.webrix.ai/scim/v2
      • For On-Premise deployments: {your-app-url}/scim/v2
    • Token Key: Select API Token (Bearer)
    • Token: Paste the API token from the previous step (starts with wxt_...)
  6. Click Test Connection to verify the connection
  7. Click Activate

Enable provisioning features

  1. After activation, you'll see the SCIM configuration options
  2. Enable the following features:
    • Create users: Automatically create new users in Webrix when assigned in JumpCloud
    • Update user attributes on changes: Sync user attribute changes from JumpCloud to Webrix
    • Delete / Suspend users on removal: Automatically deactivate users in Webrix when unassigned in JumpCloud
    • Enable group push: Sync group memberships from JumpCloud to Webrix
  3. Click Save

Configure attribute mapping

  1. In the Attribute Mapping section, ensure the following mappings are configured:
    • userName → email
    • name.givenName → firstname
    • name.familyName → lastname
    • emails[primary eq true].value → email
    • active → suspended (inverted)
  2. Click Save

Your SCIM provisioning is now configured. New users assigned to the Webrix app in JumpCloud will be automatically created in Webrix, and changes to user attributes or group memberships will be synchronized automatically.

Contact support

If you continue to experience issues, contact Webrix support at [email protected] with the following information:

  • Your JumpCloud organization domain
  • The error message or behavior you're experiencing
  • Screenshots of your configuration (with sensitive information redacted)

Docs: https://jumpcloud.com/support/sso-with-oidc