All Collections
Integrations
Connecting JumpCloud IdP to Drata
Connecting JumpCloud IdP to Drata

Making the initial connection to JumpCloud IdP.

Faraz Yaghouti avatar
Written by Faraz Yaghouti
Updated this week

HERE'S WHY

Connecting JumpCloud IdP to Drata allows all of your company's personnel to be synchronized with Drata, and to provision accounts for each. This is the first connection/integration that should be completed as a new customer of Drata, as it will allow for the compliance monitoring of your company's personnel.

BEFORE DIVING IN

  • The email domain, when connecting the IdP, must match each of the personnel’s email domain that you would like to sync. Personnels that have different domains or multiple domains are not synced.

    • If you need to sync multiple email domains, please reach out to our Technical Support team.

  • For customers who previously had any SSO configured: If your Drata tenant has previously connected to JumpCloud using our Enterprise SSO connector, you can maintain that connection.

Important to note: There is a delay between the initial connection and the first import of user accounts. At the longest this should take no more than one hour for customers with hundreds of users.

HERE'S HOW

There are three parts to the JumpCloud IdP integration:

Part 1: Open the Drata connection Drawer and input the initial connection information.

Part 2: Connect JumpCloud as an Enterprise SSO provider to allow single sign on into Drata for your employees.

Part 3: (Optional) You can limit scope for Drata to a subset of employees by entering a JumpCloud IdP group that only includes those employees.

  • Drata does not support nested groups. We will sync members in the top level of the specified group, but not members in any second-level or further groups.

The corresponding steps for each part are detailed in the following sections.

Part 1: Follow these instructions to connect JumpCloud to Drata:

  1. Select "Connections" on the side navigational menu.

2. Select the 'Available connections' tab and then search for JumpCloud to select the connect button.

3. The JumpCloud connection will open a right hand drawer, and you will need to click ‘Connect to JumpCloud’ on the bottom to begin the process. A modal will appear explaining the API permissions utilized from JumpCloud for the identity connection, after reviewing this, click next.

  • The modal will ask you to input a JumpCloud API Key for your connection. This can be generated in JumpCloud by logging into JumpCloud with the desired user account, clicking the profile icon in the top right corner, selecting My API Key, and then finally clicking Generate New API Key. Copy this API Key into the Drata connection modal and submit. Once complete, you can close the modal.

Part 2: Utilizing the Enterprise SSO connection to allow company personnel to log in to Drata:

At this point, iIf you did not have an Enterprise SSO Connection already, you will see the following banner at the top of the connection drawer:

This is a prompt to begin the Enterprise Single Sign-On Provider connection. If this Enterprise SSO connection is not enabled, only administrators will be able to log in to Drata with magic link functionality. Thus, it is highly recommended to make this connection as soon as possible.

You can initiate this by either (1) navigating to ‘Enterprise Single Sign-On’ connection filter, or (2) directly from the bottom of the JumpCloud IdP connection drawer (this option shown below).

If you click Connect to JumpCloud SSO, you will be navigated to the SSO connection and a drawer will expand from the right side of the screen. Follow the prompts on the drawer. You will be directed to the WorkOS page where you will follow the instructions to complete the connection.

Make sure to follow the exact steps. Here, you will have to login as an Admin within your SSO provider. Click on your provider, which could be JumpCloud or any other service supported.

Then follow the steps to configure SSO with that provider. Once you are done with all of the steps, you'll be directed back to Drata (click 'Back to Drata') and your SSO account should successfully connect.

Part 3: Limiting the Personnel in scope for Drata by using a JumpCloud Group:

After the connection has been established, you may optionally designate a JumpCloud Group as the only group of users to synchronize into Drata by following these steps:

  • Click the small edit icon to the far right of “Configuration Options”.

  • Designate a JumpCloud Group to sync with. Your current available JumpCloud user groups can be found in the JumpCloud console: https://console.jumpcloud.com/#/groups/user. You will want to be sure this group includes the Drata administrator as well, as only users of the group will be synchronized to Drata.

  • Save and confirm the group. The next personnel sync will change the personnel list based on the new group.

Did this answer your question?