# JumpCloud

**Although JumpCloud includes a pre-configured Pritunl application, that configuration was done incorrectly by JumpCloud and should not be used. Instead, create a custom SAML application as shown below.**

In the JumpCloud admin console click *New Application* then at the bottom click *Custom SAML App*.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FoqzwVKopxCsuL3UznGht%2Fjump0.png?alt=media\&token=6af7a79c-085b-467b-92aa-7901ae168f0e)

Set the *Display Name* to `Pritunl` then open the *SSO* tab at the top.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2F5TzrYaUgjk4u9m09C7VP%2Fjump1.png?alt=media\&token=5d7f6f57-afd2-4f47-a0eb-2375685585d3)

From the *SSO* tab, scroll to the bottom and set *IDP URL* to `pritunl` followed by random numbers. This URL must be unique across all JumpCloud users. It will be needed in the next step.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FR3gIG6Hsee98SuiTrPbf%2Fjump2.png?alt=media\&token=256303e5-ab06-4b89-8bed-88c119c9007d)

Set the *IdP Entity ID* to `https://sso.jumpcloud.com/saml2/pritunl` followed by the same numbers used in the URL from the previous step. Then set the *SP Entity ID* to `pritunl` and the *ACS URL* to `https://auth.pritunl.com/v1/callback/saml`. Enable both *Sign Assertion* and *Declare Redirect Endpoint*. Then set the *Default RelayState* to the URL of your Pritunl server. Set the *Login URL* to the URL of your server with the path `/sso/request`.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FC3I9CdYUf8SiWSvUQgTN%2Fjump3.png?alt=media\&token=de28e2a1-42b9-4d6b-a5b4-9bd9f69a5a9a)

To map group names to organizations in Pritunl, the JumpCloud group name must match an existing organization name in Pritunl. To use this feature, enable *include group attribute* and set the value to `org`.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FkoTXP6HJxhg1U20AGKCw%2Fjump4.png?alt=media\&token=36ac15dd-cac8-4fc3-839b-5ea63f8718f0)

Once done, click *Activate* then open the application page. In the *SSO* tab of the SAML application, copy the URL in *IdP Entity ID*. This will be needed in the next steps. While on this page, copy the app ID from the page URL. In this example the page URL is `https://console.jumpcloud.com/#/sso/61c44c96b87e5f50453473cf/details` and the app ID in this URL is `61c44c96b87e5f50453473cf`. This ID will be needed later.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FMXnc60nBCKAJsTO9SHC6%2Fjump5.png?alt=media\&token=66107146-86aa-4586-bf7d-fbcc3f19bd37)

On the left side click *IDP Certificate Valid* then select *Download certificate*.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FVYJ3tKg9UDzkD3s1dqoE%2Fjump6.png?alt=media\&token=b56545a9-4c1b-417e-8b7b-c7405463e429)

Open the downloaded certificate in a text editor and copy its contents for the next steps.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2F4EsIitzTZgoDNH7k7e9i%2Fjump7.png?alt=media\&token=080415f9-1221-4be0-b72d-9a11bfb6dc3b)

From the JumpCloud administrator console click the user icon in the top right then click *API Settings*.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FgRZHLvSTnzk6Vi2WrnRd%2Fjump10.png?alt=media\&token=94f19584-0615-4e10-b715-e4d9d9442682)

Copy this API key for the next step.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FGWojO5KIX01YinuQap1t%2Fjump8.png?alt=media\&token=33fcf005-1ffc-4b9b-83e7-b057cf4ae266)

In the Pritunl web console click *Settings*. Set the *SAML Sign-On URL* and *SAML Issuer URL* to the *IdP Entity ID* from the previous steps. In this example `https://sso.jumpcloud.com/saml2/pritunl` is used. Copy the certificate downloaded in the previous steps to the *SAML Certificate* field. Set the *JumpCloud App ID* to the app ID from the URL in the previous step. Then set the *JumpCloud API Key* to the API key from the previous step.

![](https://1783284711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FhDA4eusSNQcv5QfappvI%2Fuploads%2FWcxmdMNp5GdFGMJW8uvs%2Fjump9.png?alt=media\&token=5e55460c-ebff-4ac0-a90c-54f68d2a67a0)
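The values collected in the steps above have to agree with each other on both sides, and a mismatch (different numbers in the *IdP Entity ID*, a mistyped app ID, a truncated certificate paste) breaks sign-on. The following check is an added example, not part of Pritunl or JumpCloud. The dictionary keys are hypothetical names for the fields on this page, the sample values are constructed (only the console URL and app ID are taken from the example above), and the certificate is assumed to be PEM text.

```python
import re
from urllib.parse import urlsplit

IDP_PREFIX = "https://sso.jumpcloud.com/saml2/"        # from the steps above
ACS_URL = "https://auth.pritunl.com/v1/callback/saml"  # from the steps above

def app_id_from_console_url(url):
    """Return the app ID from a console URL; it sits in the #fragment."""
    m = re.fullmatch(r"/sso/([^/]+)/details", urlsplit(url).fragment)
    return m.group(1) if m else None

def check_settings(s):
    """Return a list of mismatches between the JumpCloud and Pritunl values."""
    problems = []
    if not re.fullmatch(r"pritunl\d+", s["idp_url"]):
        problems.append("IDP URL is not 'pritunl' followed by numbers")
    if s["idp_entity_id"] != IDP_PREFIX + s["idp_url"]:
        problems.append("IdP Entity ID does not carry the same numbers as IDP URL")
    if s["sp_entity_id"] != "pritunl":
        problems.append("SP Entity ID must be 'pritunl'")
    if s["acs_url"] != ACS_URL:
        problems.append("ACS URL is not the Pritunl callback")
    if s["login_url"] != s["relay_state"].rstrip("/") + "/sso/request":
        problems.append("Login URL is not the RelayState server plus /sso/request")
    for field in ("saml_sign_on_url", "saml_issuer_url"):
        if s[field] != s["idp_entity_id"]:
            problems.append(field + " differs from the IdP Entity ID")
    if s["jumpcloud_app_id"] != app_id_from_console_url(s["console_url"]):
        problems.append("JumpCloud App ID does not match the console URL")
    cert = s["saml_certificate"].strip()  # assumption: PEM text as downloaded
    if not (cert.startswith("-----BEGIN CERTIFICATE-----")
            and cert.endswith("-----END CERTIFICATE-----")):
        problems.append("SAML Certificate is not a complete PEM certificate")
    return problems

# Constructed sample values; only the console URL and app ID come from the page.
SAMPLE = {
    "idp_url": "pritunl48213",
    "idp_entity_id": "https://sso.jumpcloud.com/saml2/pritunl48213",
    "sp_entity_id": "pritunl",
    "acs_url": "https://auth.pritunl.com/v1/callback/saml",
    "relay_state": "https://vpn.example.com",
    "login_url": "https://vpn.example.com/sso/request",
    "saml_sign_on_url": "https://sso.jumpcloud.com/saml2/pritunl48213",
    "saml_issuer_url": "https://sso.jumpcloud.com/saml2/pritunl48213",
    "console_url": "https://console.jumpcloud.com/#/sso/61c44c96b87e5f50453473cf/details",
    "jumpcloud_app_id": "61c44c96b87e5f50453473cf",
    "saml_certificate": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
}
```

Call `check_settings` with your own values; an empty list means every cross-reference lines up.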
