Skip to main content

JumpCloud SSO

Testiny can be configured to use JumpCloud as your identity provider for single sign-on (SSO). Testiny supports configuring both SSO and email login, or restricting logins by requiring SSO logins. This guide explains how to configure the JumpCloud integration using the OpenID Connect protocol.

Paid feature

This feature is only available in the enterprise plan. Please contact us at [email protected] for more information.

Configuring SSO

To configure SSO, you first need to create an application integration in JumpCloud and then configure SSO in Testiny.

Configuration with OpenID Connect in JumpCloud

  1. In JumpCloud, create a new Application Integration and select Custom Application: JumpCloud SSO via OIDC Configuration - Step 1

  2. Select the feature "Manage Single Sign-On (SSO)" and then select option Configure SSO with OIDC: JumpCloud SSO via OIDC Configuration - Step 2

  3. Define the app name, logo and description. Confirm and create the application: JumpCloud SSO via OIDC Configuration - Step 3

  4. In SSO tab:

    1. Optionally enable Refresh Token
    2. Set Redirect URIs to:
      1. https://app.testiny.io/api/v1/oauth/redirect
      2. https://app.testiny.io/api/v1/oauth/logout (optional)
    3. Client Authentication Type is Client Secret Post
    4. Login URL can be set to https://app.testiny.io/login

    JumpCloud SSO via OIDC Configuration - Step 4

  5. Add Email and Profile scope: JumpCloud SSO via OIDC Configuration - Step 5

  6. Click Activate to create the application and copy the client ID and client secret. You'll need them in the next step when configuring SSO in Testiny. JumpCloud SSO via OIDC Configuration - Step 6

If you would like to use Testiny's logo for the configuration, you can download the Testiny logo here.

Configuration in Testiny

To configure SSO, you need to have admin rights in Testiny. In Testiny, go to the settings and select Organization (1), as shown in the screenshot below. Click on 'Configure single sign-on' (2). A side panel (3) opens where you need to define the following options:

  1. Provider — Choose 'OpenID Connect' from the list to configure SSO with JUmpCloud via OpenId Connect (OIDC)
  2. OpenID Configuration — Specify the URL to the OpenID Connect metadata/configuration.
    JumpCloud has different configurations per location, e.g. for US region it should be https://oauth.id.jumpcloud.com/.well-known/openid-configuration, but for EU it might be https://oauth.id.eu.jumpcloud.com/.well-known/openid-configuration. Follow JumpCloud's documentation on where to get your openid configuration URL.
  3. SSO Domains — Enter the domains that will be able to use single sign-on
    3.1 If you have already invited users from these domains to your Testiny organization, an option will show up to change the login type of these users. By default, the users' login type will be set to "SSO allowed".
  4. Client ID — Enter the client ID of the application created in your SSO provider
  5. Client Secret — Enter the client secret of the application created in your SSO provider
  6. Click on "Save". Once SSO is successfully configured, you can invite SSO users to your organization or update existing users to use SSO login in the user management settings.

Testiny SSO Configuration Steps

To invite users to your organization, navigate to Settings > User management and click the "Invite" button in the top left corner. A side panel will appear, where you can choose whether the SSO login is allowed, required or disabled:

  • allowed — the user can log in via SSO, but can also create a password in Testiny and use the email login
  • required — the user must log in via SSO
  • disabled — the user cannot log in via SSO, only with email login

Then, enter the email address of the user to be added and optionally the first and last name. In the "Role" drop-down, you can adjust the user’s permissions. Learn more about the user management in Testiny.

Logging into Testiny

When SSO is configured in your Testiny organization and the user is invited as an SSO user, they can simply log in to Testiny on the login page. When SSO is required, the user can only log in with SSO. If SSO is allowed but not required, the user might also log in via email and password.

note

Please note that the owner of the organization in Testiny cannot be restricted to require SSO login so that the owner can always log in with email & password.

Disabling SSO

To disable SSO, go to Settings > Organization and click the delete icon next to the configured provider. A dialog will be shown to see which users are affected and cannot log in via SSO anymore. After confirming, SSO is disabled and you continue using email/password login or set up a new SSO provider.

Changing your SSO provider

If you want to modify your SSO configuration or change to another SSO provider, simply click the "Configure single sign-on" button to open the configuration side panel. You can change the SSO provider and set up a new SSO configuration, or add new SSO domains to your current configuration. If you remove an SSO domain, single sign-on may be deactivated for users in this SSO domain.