This article explains how to integrate JumpCloud with Vome using SAML-based Single Sign-On (SSO). It covers the full setup process, from creating a custom SAML application in JumpCloud to configuring the necessary fields between JumpCloud and Vome. This guide is intended for system administrators managing SSO within their organizations.

Overview

Integrating JumpCloud with Vome allows your organization to manage admin authentication centrally through your existing identity provider. Once configured, administrators can log in to Vome using their JumpCloud credentials, without needing a separate Vome password.

JumpCloud SSO in Vome is SAML-based and covers admin authentication only. User provisioning and directory sync from JumpCloud are not currently supported.

Note: Admins must already exist in Vome before they can sign in using JumpCloud SSO. If the email returned by JumpCloud does not match an existing Vome admin account, login will fail.

Prerequisites

Before you begin, ensure you have:

• An active JumpCloud account with permissions to create and manage custom SAML applications.
• Access as the account holder of the Vome Admin platform.
• A Vome subscription on the Ultimate plan.
• Basic familiarity with SAML protocols.
• The Vome SSO values (Identifier and Reply URL) ready, which you will find inside Vome's SSO settings.

Step 1: Locate Your Vome SSO Values

Before configuring JumpCloud, you will need two values generated by Vome.

1. In Vome, navigate to Settings and open the SSO Integration section.
2. Select JumpCloud as your SSO provider.
3. Note down the following two values:
   • Identifier (SP Entity ID) - this is your Vome Service Provider Entity ID
   • Reply URL (ACS URL) - this is the Assertion Consumer Service URL where JumpCloud will post the SAML response

You will enter both of these into JumpCloud in the next step.

Step 2: Create a Custom SAML Application in JumpCloud

1. Log in to the JumpCloud Admin Console at https://console.jumpcloud.com.
2. Navigate to SSO Applications in the left-hand menu.
3. Click + Add New Application.
4. Select Custom SAML App and click Next.
5. Give the application a recognizable name, such as Vome SSO.

Step 3: Configure the SAML Settings in JumpCloud

Inside your new JumpCloud SAML application, enter the following:

• SP Entity ID - paste the Identifier value copied from Vome
• ACS URL - paste the Reply URL value copied from Vome
• IdP Entity ID - this is generated by JumpCloud and will follow the format: https://sso.jumpcloud.com/saml2/[your-sso-name]. Copy this value, as you will need it when completing setup in Vome.
• NameID - set this to email
• Signing - set to sign both Assertion and Response

Save the application once all fields are filled in.

Note: The IdP Entity ID must be a real issuer URL generated by JumpCloud. It should not be the same as the Vome SP Entity ID. If your exported metadata still shows the placeholder text "IdP Entity ID," you need to save the application in JumpCloud first and then export fresh metadata.

Step 4: Export the JumpCloud Metadata

1. After saving the JumpCloud application, open the application settings again.
2. Locate the option to download the SAML Metadata XML file.
3. Save this file to your computer. You will upload it into Vome in the next step.

If your configuration also requires a signing certificate, download that separately.

Step 5: Complete the Configuration in Vome

1. Return to Vome's SSO Integration settings.
2. Upload the SAML Metadata XML file exported from JumpCloud.
3. If a signing certificate is required, upload it as well.
4. Enter the IdP Entity ID (the JumpCloud issuer URL from Step 3) into the corresponding field in Vome.
5. Save your settings.

Step 6: Assign Users in JumpCloud

For admins to authenticate through JumpCloud, they must be assigned to the JumpCloud SAML application.

1. In JumpCloud, open your Vome SSO application.
2. Navigate to the User Groups or Users tab.
3. Assign the appropriate users or groups who should have access.

If a user is not assigned to the application in JumpCloud, they will see an access error when attempting to log in.

Step 7: Verify and Test the Integration

1. In Vome, click Verify SSO to confirm the configuration is valid. Vome will check that the ACS URL and Entity ID are correctly formatted.
2. Once verification passes, use Test SSO to attempt a live login through JumpCloud.
3. If the test is successful, the integration is active.

Note: SSO enforcement is optional. You can enable Enforce SSO to require all admins to authenticate through JumpCloud, or leave it off to allow both login methods. You can also exclude specific admins from enforcement if needed.

Troubleshooting Common Issues

Metadata still contains "IdP Entity ID" as a placeholder
This means the JumpCloud app was not fully saved before the metadata was exported. Go back into JumpCloud, save the application, and download a fresh copy of the metadata. Upload the updated file in Vome.

"User not assigned to this application" error in JumpCloud
The admin attempting to log in has not been assigned to the JumpCloud SAML application. Assign the user or their group in JumpCloud and try again.

Login fails after JumpCloud authentication
This usually means the email returned by JumpCloud does not match an existing admin account in Vome. Confirm that the admin exists in Vome and that JumpCloud is returning the correct email address through NameID or a mapped email attribute.

Verification or callback signature errors
This is typically caused by stale metadata or an incorrect signing configuration. In JumpCloud, confirm that signing is set to Assertion and Response, save the application, export fresh metadata, and re-upload it in Vome.

What Is Not Supported

The current JumpCloud integration covers admin authentication only. The following are not currently supported:

• Syncing or importing users from JumpCloud into Vome
• Automatic creation of new admin accounts on first JumpCloud login
• SCIM provisioning
• User lifecycle management from JumpCloud

Admins must be created in Vome before they can authenticate using JumpCloud SSO.

Summary

• JumpCloud SSO in Vome is SAML-based and supports admin login only.
• Admins must already exist in Vome with a matching email address.
• Setup requires creating a custom SAML app in JumpCloud, uploading metadata into Vome, and verifying the configuration.
• Users must be assigned to the JumpCloud application before they can log in.
• Use Test SSO to confirm the integration is working before enabling enforcement.