Integrate JumpCloud SSO

JumpCloud SAML/SSO integration

Connect JumpCloud with Tallyfy using SAML-based SSO for automatic user login and account creation. Setup takes about 30 minutes.

Requirements

  • JumpCloud administrator account
  • JumpCloud SSO Package or higher (or SSO add-on)
  • Tallyfy Pro or Enterprise plan
  • SAML configuration values from Tallyfy Support

What you’ll do

  1. Create a custom SAML application in JumpCloud
  2. Configure service provider settings and attribute mappings
  3. Exchange metadata with Tallyfy Support and enable SSO

Phase 1 - Create JumpCloud SAML application

Step 1 - Access SSO applications

  1. Sign in to the JumpCloud Admin Portal

  2. Go to Access from the main menu

  3. Select SSO Applications

  4. Click the + button to add a new application

  5. Click Custom SAML App

Step 2 - Configure general info

  1. Select the General Info tab

  2. Enter “Tallyfy” as the Display Label

  3. Optionally add a description and upload the Tallyfy logo

  4. Click Save

Phase 2 - Configure SAML settings

Step 1 - Get Tallyfy SAML values

Tallyfy’s service provider configuration tells JumpCloud where to send authentication data.

  1. Contact Tallyfy Support to access your organization’s profile
  2. Go to the Org Settings tab
  3. Click Add Configuration Details
  4. Locate the default SAML values section
  5. You’ll need two values:
    • SP ACS URL (Assertion Consumer Service URL)
    • SP Entity ID (Service Provider Entity ID)

Step 2 - Enter service provider details in JumpCloud

  1. In your JumpCloud SAML application, select the SSO tab

  2. IDP Entity ID - auto-generated by JumpCloud, leave as is

  3. IDP URL - auto-generated by JumpCloud, leave as is

  4. SP Entity ID - enter the value from Tallyfy’s “SP Entity ID” field

  5. ACS URL - enter the value from Tallyfy’s “SP ACS URL” field

  6. SAMLSubject NameID - select email from the dropdown

  7. SAMLSubject NameID Format - select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

  8. Keep Sign Assertion checked (default)

  9. Leave Default RelayState empty unless Tallyfy Support says otherwise

Step 3 - Configure attribute statements

JumpCloud needs to know which user info to send to Tallyfy. Add these three attributes:

  1. Scroll to the User Attribute Mapping section

  2. Click add attribute and configure the email attribute:

    • Service Provider Attribute Name: email
    • JumpCloud Attribute Name: Select email
  3. Click add attribute again for the first name:

    • Service Provider Attribute Name: FirstName
    • JumpCloud Attribute Name: Select firstname
  4. Click add attribute one more time for the last name:

    • Service Provider Attribute Name: LastName
    • JumpCloud Attribute Name: Select lastname

  5. Click Save

These names are case-sensitive. Your mappings should look like this:

Service Provider Attribute    JumpCloud Attribute
email                         email
FirstName                     firstname
LastName                      lastname

Phase 3 - Configure Tallyfy with JumpCloud info

Step 1 - Get JumpCloud SAML metadata

  1. In your JumpCloud SAML application, stay on the SSO tab

  2. Find the IDP Certificate Valid section

  3. Note these three values (you’ll send them to Tallyfy Support):

    • IDP Entity ID
    • IDP URL (Single Sign-On URL)
    • IDP Certificate (X.509 Certificate)

  4. Alternatively, click export metadata at the bottom of the SSO tab and save the XML file to send to Tallyfy Support instead

Step 2 - Send info to Tallyfy Support

  1. Send the IDP Entity ID, IDP URL, and X.509 Certificate to Tallyfy Support (or send the metadata XML file)
  2. Tallyfy Support will configure these values in your organization’s SAML settings
  3. Wait for confirmation that configuration is complete

Step 3 - Activate and assign users

Once Tallyfy Support confirms your settings are configured:

  1. In JumpCloud, go to the User Groups tab in your Tallyfy application

  2. Select the user groups or individual users who should access Tallyfy

  3. Click Save

  4. Toggle the application to Active

  5. Coordinate with Tallyfy Support to toggle the SAML activation switch for your organization

User provisioning and access

Once everything’s configured:

  1. Get the Tallyfy SSO login URL from Tallyfy Support
  2. Share this URL with users assigned to the JumpCloud application
  3. Users can also access Tallyfy through their JumpCloud user portal

What happens at login:

  • Existing Tallyfy account - they’re logged in automatically with JumpCloud credentials
  • No account yet - Tallyfy creates one on first login using the email, first name, and last name from JumpCloud

SSO authentication flow

Diagram
  • Steps 1-11 are the one-time setup between your Admin, JumpCloud, and Tallyfy Support
  • Steps 12-18 happen every time a user logs in
  • Tallyfy auto-creates accounts for new users (step 17) using email and name attributes from JumpCloud

Troubleshooting

Can’t log in? Check these first:

  • Is the user assigned to the JumpCloud application?
  • Are attribute mappings exact? Names are case-sensitive - FirstName not firstname
  • Is the X.509 certificate still valid in JumpCloud?
  • Are users going to the SSO URL or JumpCloud portal - not the regular Tallyfy login page?
  • Is the application set to Active in JumpCloud?
  • Still stuck? Contact Tallyfy Support.
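
To test the attribute and NameID checks above against what JumpCloud actually sends, the following added example (not Tallyfy or JumpCloud code) inspects a base64-encoded SAMLResponse form field captured from the browser during a failed login. It assumes the assertion is unencrypted and that the Audience carries the SP Entity ID, as is standard in SAML 2.0; the function name, sample assertion and placeholder entity ID are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

A = "{urn:oasis:names:tc:SAML:2.0:assertion}"   # SAML 2.0 assertion namespace
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("email", "FirstName", "LastName")   # case-sensitive, per the mapping table

# Constructed sample with one deliberate mistake: "firstname" instead of "FirstName".
SAMPLE_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">ana@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>SP-ENTITY-ID-PLACEHOLDER</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstname"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>Ruiz</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()  # shape of the SAMLResponse form field

def check_saml_response(saml_response_b64, sp_entity_id):
    """Return a list of problems found; an empty list means every check passed.
    Troubleshooting aid only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    name_id = next(root.iter(A + "NameID"), None)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"unexpected NameID Format {name_id.get('Format')!r}")
    audiences = [(a.text or "").strip() for a in root.iter(A + "Audience")]
    if sp_entity_id not in audiences:
        problems.append(f"SP Entity ID not in Audience {audiences}")
    sent = {}
    for attr in root.iter(A + "Attribute"):
        value = attr.find(A + "AttributeValue")
        sent[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED:
        if sent.get(name):
            continue
        if name in sent:
            problems.append(f"attribute {name!r} is empty")
            continue
        near = [n for n in sent if n.lower() == name.lower()]
        hint = f"; found {near[0]!r} (wrong case)" if near else ""
        problems.append(f"attribute {name!r} missing{hint}")
    return problems
```

Calling check_saml_response(SAMPLE_B64, "SP-ENTITY-ID-PLACEHOLDER") reports the miscased FirstName attribute; pass your own captured SAMLResponse value and the SP Entity ID from Tallyfy Support to check a real login.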

JumpCloud-specific notes

Certificate management - JumpCloud auto-generates and manages certificates when you activate an application. Monitor expiration dates in the JumpCloud Admin Portal.

User portal access - Users can access Tallyfy through their JumpCloud portal alongside other apps.

Just-in-time provisioning - User accounts in Tallyfy are created automatically on first SSO login. No manual provisioning or SCIM setup needed.

Group-based access - Control Tallyfy access by assigning JumpCloud user groups rather than individual users.
