Skip to content
  • There are no suggestions because the search field is empty.

How do I set up SCIM provisioning with JumpCloud?

SCIM automates user account creation, updates, and deactivation in Siit based on your JumpCloud directory. This guide shows you how to connect JumpCloud to Siit using SCIM.

Before you begin:

  • Your Siit workspace must be on the Pro plan
  • You need JumpCloud admin permissions
  • Have a valid test email address ready (unused in your directory, e.g., scim-test@yourcompany.com)

Step 1: Get your SCIM credentials from Siit

  1. Log into Siit and go to Settings → Security → SCIM
  2. You'll see two values:
    • Base URL (e.g., https://back.siit.io/scim_v2)
    • Token Key (a long encrypted string)
  3. Keep this page open—you'll need these values in the next steps

 

Step 2: Open Identity Management in JumpCloud

  1. Log into JumpCloud Admin Console
  2. Go to SSO Applications
  3. Find and open your Siit application
  4. Click the Identity Management tab
  5. Click Configure under SCIM Integration

Step 3: Configure SCIM settings

In the Configuration Settings section:

  1. API Type: Select SCIM API (not Custom API Import)
  2. SCIM Version: Select SCIM 2.0
  3. Base URL: Paste the Base URL from Siit (e.g., https://back.siit.io/scim_v2)
  4. Token Key: Paste the Token Key from Siit
  5. Test User Email: Enter a valid but unused email in your company domain
    • ✅ Good: scim-test@yourcompany.com
    • ❌ Bad: Using an existing employee's email (this will cause the test to fail)
    • The email must be in a valid format but doesn't need to be a real mailbox

Mutual TLS (optional): Leave Use mTLS unchecked unless you have specific security requirements.

Step 4: Enable group management (optional but recommended)

Scroll down to Group Management and check:

☑️ Enable management of User Groups and Group Membership in this application

This allows you to map JumpCloud groups to Siit roles for automatic permission management.

Important: If enabled, ensure your JumpCloud groups have matching role names in Siit. See Step 7 for details.

Step 5: Configure attribute mapping

Scroll to Attribute Mapping. Map these JumpCloud attributes to Siit fields:

SCIM Attribute Name JumpCloud Attribute Action
UserName Company Email include
Name.GivenName First Name include
Name.FamilyName Last Name include
PhoneNumbers.Value Work Phone include
Title Job Title include

Make sure all mappings show include (not exclude).

Step 6: Activate the integration

  1. Click activate or update at the bottom of the page
  2. JumpCloud will test the connection using your Test User Email
  3. If successful, you'll see a confirmation message

Step 7: Assign users

  1. Go to the User Groups tab in your Siit SSO application
  2. Click + to add groups
  3. Select the JumpCloud groups whose members should have Siit access
  4. Click save

Users in these groups will be automatically created in Siit within a few minutes.

Step 8: Configure role mapping (if group management is enabled)

If you enabled group management in Step 4, JumpCloud groups sync as Siit roles:

  1. In Siit, go to Settings → Roles
  2. For each JumpCloud group linked to the Siit app, ensure a role exists with the exact same name (case-sensitive)
    • Example: JumpCloud group "IT Support" → Siit role "IT Support"
  3. If a matching role doesn't exist, Siit will automatically create one when the group syncs

What happens:

  • Users in a JumpCloud group automatically get the corresponding Siit role
  • Removing someone from the JumpCloud group removes their Siit role
  • Changes sync within 5-10 minutes