Single Sign-On OIDC Integration - JumpCloud

If you have an Enterprise account in Row Zero, you can configure single sign-on (SSO) in JumpCloud using OpenID Connect (OIDC).

Row Zero is configured to use the OpenID Connect implicit flow for single sign-on with JumpCloud. We request the openid, profile, and email scopes and assume email_verified = true for all users logging in through JumpCloud enterprise integrations.

Follow these steps to configure a new Row Zero OIDC application in JumpCloud:

  1. In the JumpCloud console, click on the "SSO Applications" link in the left-hand panel.
  2. Click on the "+ Add New Application" button towards the top left.
  3. On the new "Create New Application Integration" screen, press the "Select" link under "Customer Application".
  4. When prompted for "Which application would you like to integrate?", click the "Next" button in the bottom right-hand corner.
  5. When prompted for "Select the features you would like to enable", check "Manage Single Sign-On (SSO)", "Configure SSO with OIDC", and "Export users to this app (Identity Management)"; then click "Next".
  6. When prompted for "Enter general info":
    • For Display Label type "Row Zero"
    • Click the Logo radio button
    • Download the Row Zero logo by clicking this link
    • Click Choose a File and upload the Row Zero logo
    • Click the Save Application button
  7. Once the Row Zero application has been successfully added, click on the "Configure Application" button.
  8. In the "OpenID Connect" page under the "Endpoint Configuration" section:
    • For Redirect URIs enter https://auth.rowzero.io/login/callback
    • For Client Authentication Type select Client Secret Post
    • For Login URL type https://rowzero.com/startlogin?connection=<CONNECTION_NAME>
      • Note: You will need to replace CONNECTION_NAME above with an identifier that Row Zero will provide. Contact us when you are setting up your SSO integration and we will give you the CONNECTION_NAME to use.
  9. In the "OpenID Connect" page under the "Attribute Mapping (optional)" section:
    • For Standard Scopes select Email and Profile
  10. In the "OpenID Connect" page under the "Attribute Mapping (optional)" section, verify that the "Constant Attributes" contains the email_verified --> true attribute (if not, add it); once complete, click the "Activate" button.
  11. When the "Application Saved" dialogue box appears, save the "Client ID" and "Client Secret" to later provide to Row Zero.
  12. In JumpCloud under the "SSO Applications" tab, click on the "Row Zero" application.
  13. On the "SSO" tab, under the "Attribute Mapping (optional)" section, update the mappings to the following:
    • Under User Attribute Mapping:
      • preferred_username --> email
      • name --> displayname
      • email --> email
    • Under Constant Attributes:
      • email_verified --> true
    • Click the "Save" button
  14. Click on the "User Groups" tab and select any users or groups you wish to allow access to Row Zero and click the "Save" button.
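
An added example, not from Row Zero or JumpCloud: a Python check that the claims in an ID token from a test login match the attribute mapping configured in steps 9 to 13. How you capture a test token is left open, the sample tokens are constructed, and accepting the string "true" for email_verified is an assumption.

```python
import base64
import json

# Claims the attribute mapping on this page should produce.
REQUIRED = ("email", "name", "preferred_username", "email_verified")


def decode_payload(id_token: str) -> dict:
    """Decode the JWT payload for inspection only. No signature check is done,
    so never use this to make an authentication decision."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def check_claims(claims: dict) -> list:
    """Return a list of problems; an empty list means the mapping looks right."""
    problems = [f"missing claim: {c}" for c in REQUIRED if c not in claims]
    # Assumption: the constant attribute may arrive as boolean true or "true".
    if "email_verified" in claims and claims["email_verified"] not in (True, "true"):
        problems.append(f"email_verified is {claims['email_verified']!r}, expected true")
    # preferred_username is mapped to the email attribute, so both must agree.
    if claims.get("preferred_username") != claims.get("email"):
        problems.append("preferred_username does not match email")
    if "email" in claims and "@" not in str(claims["email"]):
        problems.append("email does not look like an address")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    # Constructed sample claims, not real user data.
    good = {"email": "ada@example.com", "name": "Ada Example",
            "preferred_username": "ada@example.com", "email_verified": True}
    bad = dict(good, email_verified=False, preferred_username="ada")
    for label, c in (("good", good), ("bad", bad)):
        print(label, check_claims(decode_payload(make_sample_token(c))))
```
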

Once you have configured a Row Zero OIDC application in JumpCloud, contact us at Row Zero so that we can finish configuring the SSO integration on our end. This is the information that we will need from you:

  1. Client ID
  2. Client Secret