ComplianceScout.ai
Sign InFree Trial

JumpCloud SSO

Sign in to ComplianceScout with JumpCloud over OpenID Connect.

OpenID Connect (OIDC)

JumpCloud also supports SAML 2.0 — use the generic SAML reference on the SSO index if you prefer SAML.

Values to give JumpCloud

Copy these from ComplianceScout → Settings → SSO when you create the connection. The exact, per-connection values are shown there.

Redirect URI (Sign-in redirect URI / Allowed Callback URL)https://<your-app-host>/sso/oidc/callback/<connectionId>

Copy the exact value shown in ComplianceScout → Settings → SSO when you create the connection. Do not hand-type it — most IdPs require an exact match (case and trailing slash included).

Configure JumpCloud

Steps verified against the vendor documentation linked at the bottom of this page. Labels can change — that link is the source of truth.

  1. Sign in to the JumpCloud Admin Portal (console.jumpcloud.com).

  2. Go to Access → SSO Applications and click + Add New Application.

  3. Search for OIDC, select Custom OIDC App, and click Next.

  4. Enter a Display Label (for example, ComplianceScout) and continue to the SSO tab.

  5. In Redirect URIs, paste the Redirect URI shown in ComplianceScout → Settings → SSO.

  6. Set Client Authentication Type to Client Secret Basic or Client Secret POST (a confidential client — do not choose Public/PKCE). Leave the Authorization Code grant checked.

  7. Under Attribute Mapping, add the Standard Scopes email and profile so the email claim is released.

  8. Click Activate, then copy the Client ID and Client Secret from the popup — JumpCloud shows the secret only once.

  9. Open the application's User Groups tab, select the groups that should have access, and click Save.

Values to enter in ComplianceScout

Back in Settings → SSO, paste these into the connection and save.

Issuer URLhttps://oauth.id.jumpcloud.com/

US region (trailing slash included). Non-US regions use a different host — confirm via <issuer>/.well-known/openid-configuration.

Client ID<client-id>
Client Secret<client-secret>

Role mapping (optional)

To emit groups, check the Group Attribute option under Attribute Mapping and set a Groups Attribute Name (e.g. groups), AND bind the relevant groups under the application's User Groups tab. Set ComplianceScout's role-mapping claim to that attribute name.

Things to watch for

  • The client secret is shown only once — copy it before closing the activation dialog.
  • A groups claim requires both the Group Attribute name and the groups bound under User Groups.

Vendor documentation

Ready to turn on JumpCloud SSO?

Configure the connection in Settings → SSO, then test sign-in before rolling it out to your team.

Open SSO settingsAll SSO guides →