How to Configure SAML SSO for Digi Remote Manager Using JumpCloud as the SAML Identity Provider

Introduction

Digi Remote Manager supports Single Sign-On (SSO) via SAML 2.0, enabling integration with a wide range of identity providers, including JumpCloud.

This article explains how to configure SAML-based Single Sign-On (SSO) authentication in Digi Remote Manager (DRM) when using JumpCloud as the SAML Identity Provider (IdP).

Prerequisites

• A JumpCloud administrator account with SSO add-on (or equivalent package).
• Digi Remote Manager full license and Adminstrator access 

Question

How to Configure SAML SSO for Digi Remote Manager Using JumpCloud as the SAML Identity Provider?

Solution

Here are the steps to set it up both on Digi Remote Manager and Jump Cloud side.

JumpCloud Configuration

1. Set Up Custom SAML App

• Log in to the JumpCloud Admin Portal (use the appropriate regional URL) then navigate to SSO Applications and Click + Add New Application

• Select Create a Custom Integration and click Next:

​ 

• Choose Manage Single Sign-On (SSO), pick Configure SSO with SAML, and press Next

• Enter a descriptive name (e.g., Digi Remote Manager) and optionally add a description or logo. Click Save Application
•  

2. Configure the User

• Navigate to Users → + Add User and select Manual User Creation

​

• Complete all required fields, ensuring that the Username matches the username that will be used on Digi Remote Manager
•  
• Once saved, the user will receive an email to finish the setup and set the password
• After creating the user, select it and click Actions → Add to User Group

 ​

• Choose Create New Static User Group from Selection, enter a User Group Name, and click Add 1 User 

​

3.  Populate JumpCloud SAML Configuration

Select your new app and go to the SSO tab and configure the following fields:

• IdP Entity ID: this is the unique identifier for JumpCloud as the Identity Provider (IdP). Can be obtained by downloading the Metadata file or simply by using the "Copy Metadata URL". Note: This will be named as "Issuer/Entity Id" in Digi Remote Manager

​​

• IdP Login URL: This is the endpoint where the Service Provider (Digi Remote Manager) redirects users for authentication. JumpCloud provides this URL in the app’s SSO tab and it is usually in the format: https://sso.jumpcloud.com/saml2/<appname>.Note: This will be named as "Single Sign-On URL" in Digi Remote Manager

• SP Entity ID (Audience Restriction) and : this is provided by Digi Remote Manager and it is used by JumpCloud to confirm the SAML request is intended for Digi Remote Manager. Note: This will be named as "Digi Remote Manager Audience URI (SP Entity ID)" in Digi Remote Manager

• ACS (Assertion Consumer Service) URLs > Default URL: this is provided by Digi Remote Manager and it is the endpoint on Digi Remote Manager that receives the SAML response from JumpCloud. Note: This will be named as "Digi Remote Manager Recipient URL" in Digi Remote Manager

• SAMLSubject NameID: be sure this is set as username for usage with Digi Remote Manager 

• SAMLSubject NameID Format: can be left as SAML2.0 unsepcified

4. Download Certificate

Click on "Actions" and Download Certificate. This will be used in the Digi Remote Manager configuration

5. Add the user

Navigate to the User Groups tab and select the Group created before for Digi Remote Manager users:

Digi Remote Manager Configuration

1. Configure SAML SSO for the account

• Log in as an Administrator on Digi Remote Manager. Navigate to the Account Settings menu:

  • If there are no sub-accounts, click Account Details.
  • If there are sub-accounts, click Accounts and select the appropriate account.

• Click SAML SSO and enter:

  • Single Sign-On URL provided by JumpCloud as IdP Login URL

  • Issuer / Entity ID provided by JumpCloud as IdP Entity ID

  • Certificate downloaded from JumpCloud

• At the bottom of the SAML Single Sign-On page, you’ll find several URLs required for configuring the Identity Provider (JumpCloud), including the ones mentioned above:
  • Digi Remote Manager Recipient URL 
  • Digi Remote Manager Audience URI (SP Entity ID)

2. Enable Single Sign-On (SSO) for a specific user in Digi Remote Manager:

• Navigate to Account Settings > Users.
• Click on the username to open the Edit User pane

• Click on Single Sign-On to enable it and Update to apply the changes:

• Notes: 

  • Make sure that usernames in JumpCloud match those in Digi Remote Manager, including case sensitivity.
  • Do not enable single sign-on functionality for the account administrator to prevent being locked out of Digi Remote Manager 

Testing a SSO enabled User

Once the configuration is complete, when trying to log in with a user who has SSO enabled on Digi Remote Manager, you will be redirected to the JumpCloud login page:

Enter the email address and password configured for that user in JumpCloud:

If the setup is correct, the user will successfully authenticate and gain access to Digi Remote Manager: