Introduction
HCP Terraform allows organizations to configure single sign-on (SSO) via the SAML 2.0 protocol as an alternative to managing users within the platform. This integration enables centralized identity management and improves security posture by enforcing organizational authentication policies. JumpCloud, as a SAML 2.0-compliant Identity Provider, can be configured to enable SSO access to HCP Terraform organizations.
Expected Outcome
Once completed, users in the JumpCloud directory will be able to authenticate to the HCP Terraform organization using SSO via SAML.
Prerequisites
- An active HCP Terraform account with Organization Owner privileges.
- A JumpCloud administrator account along with either the Terraform SSO application or the SAML 2.0 SSO application. Note: The procedure for the SSO integration is the same for both applications.
Use Case
This configuration is useful for organizations that want to standardize user authentication via a centralized IdP (in this case JumpCloud) and reduce manual account provisioning and organization invitations in HCP Terraform. HCP Terraform SSO integration is compliant with JumpCloud's Terraform SSO / Terraform Cloud SSO / SAML 2.0 application.
Procedure
1. Gather Information from JumpCloud SAML SSO Application
- Navigate to SSO Application in the JumpCloud Admin portal and choose any application for the integration mentioned below.
- Select the Terraform application that needs to be configured for HCP Terraform organization SSO. Download the IdP certificate and copy/export the Metadata URL from the JumpCloud SSO configuration section.
- Scroll down and copy the IdP URL from the same SSO configuration page.
2. Configure SAML SSO in HCP Terraform
- Go to the HCP Terraform organization's settings, SSO section, and click on "Setup SSO".
- Select the SAML provider and click on "Next".
- Enter the full "JumpCloud Metadata" URL copied in section 1 in the "Metadata URL" field and click "Save Settings".
- On the next screen click "Edit Settings".
- Paste the contents of the IdP certificate in the "X.509 Certificate" field and click "Save Settings".
- The resulting SSO settings should look similar to the screenshot below. Note the "Entity ID (Audience)" and "Assertion Consumer URL" values in the "HCP Terraform" section. They will be needed for the JumpCloud SSO configuration.
3. Configure JumpCloud Terraform SSO Application
- Navigate to JumpCloud's Terraform SSO configuration and paste the HCP Terraform Entity ID (Audience) URL into SP Entity ID and the Assertion Consumer URL into ACS URLs.
- Add the username and email attributes in the attributes section and save the changes.
Note: Users must be part of the application configured for SSO, so update the User Groups accordingly.
4. Test the SSO configuration in Terraform Cloud
After the JumpCloud SSO SAML application setup is complete, the configuration should be tested in HCP Terraform. To do that:
- Go to the HCP Terraform organization's settings, SSO section, and click on "Test".
- Once the test is successful, you can enable the configuration by clicking on "enable", and users can start logging in via SSO.
Additional Information
- Documentation on configuring SSO via SAML in Terraform Cloud.
- Documentation on how SSO works in Terraform Cloud.