Skip to main content

Set Up Torq SSO: JumpCloud SAML 2.0

Use JumpCloud's built-in SSO flow with Torq via SAML 2.0.

Updated this week

Use JumpCloud as your organization's SSO and enable single sign-on in Torq for your workspace.

Step One: Create an SSO Configuration in JumpCloud

  1. Navigate to JumpCloud: Go to Settings > SSO.

  2. Configure the SSO:

    1. For the IdP Entity ID, enter JumpCloud.

    2. For ACS URLs, enter the login redirect URL applicable to your regional deployment. Use https://app.torq.io/__/auth/handler for the U.S. and https://app.eu.torq.io/__/auth/handler for the EU.

    3. For the signature algorithm, enter RSA-SHA256.

    4. For the default RelayState, enter the login redirect URL applicable to your regional deployment. Use https://app.torq.io/__/auth/handler for the U.S. and https://app.eu.torq.io/__/auth/handler for the EU.

    5. Enter the login URL applicable to your regional deployment. Use https://app.torq.io/auth/SSOSignIn for the U.S. and https://app.eu.torq.io/auth/SSOSignIn for the EU.

    6. Select Declare Redirect Endpoint.

    7. Enter https://sso.jumpcloud.com/saml2/<NAME OF YOUR APP> as the IdP URL.

    8. Define the following three user attributes:

      1. Enter email for both the service provider and JumpCloud attribute names.

      2. Enter first_name for the service provider and firstname for JumpCloud.

      3. Enter last_name for the service provider and lastname for JumpCloud.

    9. Select include group attribute and enter groups.

  3. Finalize: Click Save and copy the public certificate to save it for later.

Step Two: Create a New SSO Configuration in Torq

  1. Open Torq: Navigate to Settings > SSO Login.

  2. Add an IdP Connection: In the IdP Connection section, click Add.

  3. Configure the Connection:

    1. Select the SAML 2.0 protocol.

    2. Enter https://sso.jumpcloud.com/saml2/<NAME OF YOUR APP> as the sign-on URL.

    3. Enter JumpCloud as the issuer URL.

    4. Paste the public certificate you generated earlier.

  4. Finalize: Click Save.

Step Three: Define SSO Claims Mapping

Claims mapping defines the roles that logged-in enterprise users are assigned in the Torq workspace.

The mappings are interpreted in an ordered, top-down manner. The mapping assigning the highest privilege should be listed first, and the other mappings should be listed in descending privilege order. A user is assigned a role according to the first match, disregarding any following assignments.

  1. Add a Claim: In the Claims mapping section, click Add.

  2. Configure the Claim:

    1. Enter the claim name provided by the IdP. Frequently used claims include email for a particular user or groups.

    2. Enter the expected value for the claim. Claim values are case-sensitive.

    3. Select the Torq role you would like to assign.

  3. Finalize: Click Add.

Related Articles
Set Up Torq SSO: Okta SAML 2.0 from App Catalog
Set Up Torq SSO: OneLogin SAML 2.0
Set Up Torq SSO: Okta SAML 2.0
Set Up Torq SSO: Use Auth0 with Torq for Azure AD-Based Single Sign-On
Set Up Torq SSO: OneLogin OpenID Connect
Did this answer your question?