In the JumpCloud admin console click New Application then at the bottom click Custom SAML App.
Set the Display Name to Pritunl then open the SSO tab at the top.
From the SSO tab, scroll to the bottom and set IDP URL to pritunl followed by random numbers. This URL must be unique among JumpCloud users. This URL will be needed in the next step.
Set the IdP Entity ID to https://sso.jumpcloud.com/saml2/pritunl followed by the same numbers in the URL from the previous step. Then set the SP Entity ID to pritunl and the ACS URL to https://auth.pritunl.com/v1/callback/saml. Enable both Sign Assertion and Declare Redirect Endpoint. Then set the Default RelayState to the URL of your Pritunl server. Set the Login URL to the URL of your server with the path
To map group names to organizations in Pritunl the JumpCloud group name must match an existing organization name in Pritunl. To use this feature enable include group attribute and set the value to
Once done click Activate then open the application page. In the SSO tab of the SAML application copy the URL in IdP Entity ID. This will be needed in the next steps.
On the left side click IDP Certificate Valid then select Download certificate.
Open the downloaded certificate in a text editor to copy for the next steps.
From the JumpCloud administrator console click the user icon in the top right then click API Settings.
Copy this API key for the next step.
In the Pritunl web console click Settings. Set the SAML Sign-On URL and SAML Issuer URL to the IdP Entity ID from the previous steps. In this example https://sso.jumpcloud.com/saml2/pritunl is used. Copy the certificate downloaded in the previous steps to the SAML Certificate field. Then set the JumpCloud API Key to the API key from the previous step.
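A preflight check for the values entered in the steps above, added here as an example and not taken from the Pritunl or JumpCloud documentation or code. The dictionary keys, function names and sample values are hypothetical, and the certificate check only confirms that exactly one well-formed PEM block was pasted, not that it is the certificate JumpCloud issued.

```python
import base64
import re

# Fixed values taken from the steps above.
IDP_PREFIX = "https://sso.jumpcloud.com/saml2/pritunl"
SP_ENTITY_ID = "pritunl"
ACS_URL = "https://auth.pritunl.com/v1/callback/saml"
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_problem(pem_text):
    """Return what is wrong with the pasted certificate text, or None."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        return "expected exactly one PEM certificate block, found %d" % len(blocks)
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError:
        return "certificate body is not valid base64"
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    return None if der[:1] == b"\x30" else "decoded body is not a DER SEQUENCE"

def check_settings(jc, pt):
    """jc/pt: values typed into JumpCloud and Pritunl (key names are hypothetical)."""
    problems = []
    numbers = jc["idp_url"][len("pritunl"):]
    if not jc["idp_url"].startswith("pritunl") or not numbers.isdigit():
        problems.append("IDP URL is not 'pritunl' followed by numbers")
    if jc["idp_entity_id"] != IDP_PREFIX + numbers:
        problems.append("IdP Entity ID does not end with the numbers used in IDP URL")
    if jc["sp_entity_id"] != SP_ENTITY_ID or jc["acs_url"] != ACS_URL:
        problems.append("SP Entity ID or ACS URL differs from the documented value")
    if not (jc["sign_assertion"] and jc["declare_redirect_endpoint"]):
        problems.append("Sign Assertion and Declare Redirect Endpoint must both be enabled")
    for field in ("saml_sign_on_url", "saml_issuer_url"):
        if pt[field] != jc["idp_entity_id"]:
            problems.append(field + " does not match the IdP Entity ID")
    bad_cert = cert_problem(pt["saml_certificate"])
    return problems + (["SAML Certificate: " + bad_cert] if bad_cert else [])

# Constructed sample values; the certificate body is a placeholder, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x82" + bytes(40)).decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_JC = {"idp_url": "pritunl48213907", "idp_entity_id": IDP_PREFIX + "48213907",
             "sp_entity_id": "pritunl", "acs_url": ACS_URL,
             "sign_assertion": True, "declare_redirect_endpoint": True}
SAMPLE_PT = {"saml_sign_on_url": IDP_PREFIX + "48213907",
             "saml_issuer_url": IDP_PREFIX + "48213907", "saml_certificate": SAMPLE_PEM}

if __name__ == "__main__":
    print(check_settings(SAMPLE_JC, SAMPLE_PT) or "settings are consistent")
```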
Updated 16 days ago