JumpCloud SSO

Files.com supports Single Sign-On (SSO) integration with JumpCloud via the SAML protocol. Users log in with their JumpCloud credentials without a separate Files.com username or password, using a Service Provider (SP)-initiated SSO flow. JumpCloud acts as the Identity Provider (IdP), so identity management, access policies, and login controls stay centralized in JumpCloud.

Adding Files.com in JumpCloud

After logging in to your JumpCloud account as an administrator, navigate to SSO Applications -> Add New Application, and search for Custom Application. Select it to configure Files.com as a custom SAML application.

In the Create New Application Integration wizard, select all features to be enabled by choosing the Configure SSO with SAML option under Manage Single Sign-On, enter the Display Label as desired, and save the application.

Configure the application using the SAML configuration settings below, leaving the remaining fields at their default values.

| Parameter | Value |
| --- | --- |
| IdP Entity ID | https://app.files.com/saml/metadata |
| SP Entity ID (Audience) | https://app.files.com/saml/metadata |
| ACS (Consumer) URL | https://app.files.com/saml/consume |
| SAMLSubject NameID | email |
| SAMLSubject NameID Format | email address |
| Default Relay State (optional) | [SUBDOMAIN].files.com |
| Login URL (optional) | [SUBDOMAIN].files.com |

Replace [SUBDOMAIN] with your specific Files.com subdomain. The SAMLSubject NameID in JumpCloud is the user identifier that is sent in a SAML response.

Adding JumpCloud in Files.com

In Files.com, go to the SSO page and select JumpCloud as the SSO provider, then enter the Display Name.

There are three ways to connect to JumpCloud. The right choice depends on your organization's security and compliance requirements.

Metadata URL is the simplest option, because it automatically handles updates such as certificate renewals or changes to service provider URLs. For example, if JumpCloud's certificate expires, the Metadata URL updates automatically, while Metadata XML and Certificate Fingerprint require manual updates. If automatic updates are not required, Metadata XML works well but requires manual intervention when JumpCloud changes. Certificate Fingerprint is the most manual option, giving you the most control over updates and requiring the most effort to maintain.

Using Metadata URL

Paste the Metadata URL you copied from JumpCloud into the Metadata URL field.

Using Metadata XML File

To use a metadata XML file, export the metadata from the SSO page in JumpCloud as a JumpCloud administrator. In Files.com, select the Metadata XML file option and upload the XML file you exported.

Using Certificate Fingerprint

To use Certificate Fingerprint, download the IdP Certificate from the JumpCloud application dashboard. With the certificate on your local machine, run the following command in a terminal to obtain the certificate's fingerprint.

openssl x509 -in [your_cert_file] -noout -sha256 -fingerprint

In Files.com, select the Certificate Fingerprint option and paste the fingerprint you obtained from the above command. Also paste the IdP URL you copied from JumpCloud. The same URL can be used for both the SLO endpoint and the SSO endpoint.
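Because the Metadata XML and Certificate Fingerprint options are updated by hand, it helps to check that a pinned fingerprint still matches the certificate in a freshly exported metadata file. The following is an added example, not Files.com or JumpCloud code; the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER bytes as colon-separated uppercase hex, as openssl prints it."""
    hexed = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))

def der_from_pem(pem: str) -> bytes:
    """Decode the base64 body of the first PEM certificate block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def metadata_fingerprints(xml_text: str) -> list:
    """Fingerprint every certificate listed in a SAML metadata document."""
    # The file is one you exported yourself; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    return [fingerprint(base64.b64decode("".join(el.text.split())))
            for el in root.iter(DS_CERT) if el.text]

def normalize(pin: str) -> str:
    """Accept 'sha256 Fingerprint=AA:BB:...' or bare hex, in any case."""
    return re.sub(r"[^0-9A-Fa-f]", "", pin.split("=", 1)[-1]).upper()

def pin_matches_metadata(pin: str, xml_text: str) -> bool:
    """True if the pinned fingerprint matches a certificate in the metadata."""
    return normalize(pin) in {normalize(fp) for fp in metadata_fingerprints(xml_text)}

# Constructed sample: placeholder bytes standing in for a certificate's DER encoding.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/constructed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    pin = "sha256 Fingerprint=" + fingerprint(der_from_pem(SAMPLE_PEM))
    print("pin still valid:", pin_matches_metadata(pin, SAMPLE_METADATA))
```

A mismatch after a new metadata export means the pinned fingerprint in Files.com needs to be updated.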

Assigning Users

After you save the changes, the JumpCloud Single Sign-On method is available when assigning an authentication method for a user in Files.com, and the Sign in with JumpCloud button appears on your site's login page.

Keep at least one site administrator on the password authentication method rather than assigning every administrator to SSO. This prevents being locked out of Files.com if there's an IdP or SSO issue.

Provisioning Users Automatically

Files.com supports SCIM provisioning to automate user management via JumpCloud. The integration handles user creation, updates, and deactivation in Files.com based on changes made in JumpCloud. To set up SCIM provisioning, configure the SCIM connector in JumpCloud with Files.com's SCIM endpoint and authentication details. Detailed instructions are available in Files.com's SCIM provisioning documentation.

SCIM Provisioning

SCIM provisioning automatically provisions users in Files.com from JumpCloud.

To enable SCIM provisioning in Files.com, open the advanced settings in the Add/Edit SSO Provider form. Under the Enable automatic user provisioning via SCIM? section, select Token, and select Yes for Automatically provision users on first login?. Optionally, configure the remaining options and then click Save. The token only becomes available and active after the Add/Edit SSO Provider form is saved.

To enable SCIM provisioning in JumpCloud, update the Configuration Settings section under Identity Management using the following details:

| Field | Value |
| --- | --- |
| API Type | SCIM API |
| SCIM Version | SCIM 2.0 |
| SCIM Connector Base URL | https://app.files.com/api/scim |
| Token Key | Enter the token generated from Files.com |
| Test User Email | Use any email address that exists in the JumpCloud directory but has NOT already been provisioned or created in the Files.com app. Make sure the Test User Email is NOT present in Files.com, whether in an enabled or disabled state, before clicking Test Connection or activating the SCIM connection in JumpCloud. |

By default the token expires one year from the date you generated it. Files.com sends an alert email before your SCIM token expires. You can extend the expiration date of the SCIM provisioning secret token in Files.com at any time.

To revoke the current token and get a new one — whether the token was compromised or for any other reason — reset the token from Files.com. Edit your JumpCloud provider's settings in Files.com and locate the Reset Token option. After you reset the token and click Save, a new token is generated and available to copy from the Token text box.

With SCIM enabled, JumpCloud users assigned to Files.com in JumpCloud are automatically provisioned in Files.com and able to log in via SSO.

Troubleshooting Common Issues With JumpCloud SCIM Integration

If you encounter issues with authentication or provisioning between JumpCloud and Files.com, review the following troubleshooting steps to identify and resolve the problem. The History Logs and SCIM Logs also contain details related to authentication and provisioning activity.

Common issues during SCIM setup or modification often stem from how JumpCloud handles test user provisioning during configuration. JumpCloud's SCIM implementation can behave unpredictably in certain cases, and their documentation does not always cover these edge cases, particularly around test user provisioning.

When testing or activating the SCIM integration in JumpCloud, make sure the Test User Email (configured under Identity Management → Configuration Settings) exists in JumpCloud but does not exist in Files.com, even in a disabled state. JumpCloud attempts to create this user during the connection test, and the process fails if the user already exists in any state within Files.com. If you're unsure, create a new test user in JumpCloud using a unique email, such as JumpCloudTestUser@mycompany.com.

Also confirm that Automatically provision users on first login? is set to Yes under advanced settings in Files.com. This setting is required for successful provisioning during testing or activation.

If a test user was previously provisioned and you're updating the existing SCIM configuration in JumpCloud (for example, rotating the SCIM token or changing group management settings), first go to Identity Management in JumpCloud and click Deactivate IdM connection. Then delete any previously provisioned test users from Files.com to prevent them from being auto-reprovisioned during testing.

Before re-testing or re-activating the SCIM connection, confirm that no test users remain in Files.com. If you're rotating the SCIM token, use the Generate new token option in Files.com and update the token in JumpCloud before proceeding.

After a successful test, JumpCloud provisions the test user to Files.com and marks it as disabled. This is expected behavior. You can safely delete the user after testing to avoid conflicts during future configuration changes.
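A pre-flight check for the Test User Email requirement above, as an added example that is not Files.com or JumpCloud code. It assumes the Files.com SCIM endpoint accepts the standard RFC 7644 `userName eq` filter with Bearer token authentication and includes disabled users in the results; the sample response and the function names are constructed.

```python
import json
import urllib.parse
import urllib.request

SCIM_BASE = "https://app.files.com/api/scim"  # SCIM Connector Base URL from this page

def build_lookup(email: str, token: str) -> urllib.request.Request:
    """Build (not send) an RFC 7644 filtered query for one userName."""
    literal = email.replace("\\", "\\\\").replace('"', '\\"')  # escape the filter string
    query = urllib.parse.urlencode({"filter": f'userName eq "{literal}"'})
    return urllib.request.Request(
        f"{SCIM_BASE}/Users?{query}",
        # Bearer authentication with the SCIM token is an assumption.
        headers={"Authorization": f"Bearer {token}", "Accept": "application/scim+json"},
    )

def conflicts(list_response: dict, email: str) -> list:
    """Return (id, state) for each returned user whose userName or email matches."""
    wanted = email.casefold()  # compare case-insensitively
    hits = []
    for user in list_response.get("Resources", []):
        names = {str(user.get("userName", "")).casefold()}
        names |= {str(e.get("value", "")).casefold() for e in user.get("emails", [])}
        if wanted in names:
            state = "enabled" if user.get("active", True) else "disabled"
            hits.append((user.get("id"), state))
    return hits

# Constructed ListResponse: a leftover test user that was provisioned, then disabled.
SAMPLE_RESPONSE = json.loads("""{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 1,
  "Resources": [{
    "id": "constructed-1",
    "userName": "jumpcloudtestuser@mycompany.com",
    "active": false,
    "emails": [{"value": "jumpcloudtestuser@mycompany.com", "primary": true}]
  }]
}""")

if __name__ == "__main__":
    email = "JumpCloudTestUser@mycompany.com"
    print(build_lookup(email, "PLACEHOLDER_TOKEN").full_url)
    # With a live token: json.load(urllib.request.urlopen(build_lookup(email, token)))
    for user_id, state in conflicts(SAMPLE_RESPONSE, email):
        print(f"conflict: {user_id} is {state}; delete it before Test Connection")
```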