
JumpCloud Identity Provider (IdP) Integration Guide

Making the initial connection to JumpCloud IdP.

Updated today

Connecting JumpCloud IdP to Drata allows all personnel to be synchronized into Drata and enables account provisioning. This is typically the first integration new customers complete, as it enables compliance monitoring of your company’s personnel.

Key Capabilities

  • Sync personnel from JumpCloud into Drata

  • Provision Drata user accounts for each synced person

  • Use JumpCloud as an Identity Provider

  • Use JumpCloud as an Enterprise SSO provider

  • Optionally limit personnel sync to a designated JumpCloud group

This integration ensures Drata can monitor personnel status and support compliance workflows from day one.

Prerequisites & Data Access

  • Email domain requirements: The email domain of the account connecting the IdP must match the email domains of the personnel you want to sync. Personnel with different or multiple domains are not synced. To sync additional domains, contact Drata Technical Support.

  • Role requirements: To connect, you must be assigned one of the following Drata roles: Admin, Workspace Managers, DevOps Engineer.

    • If you have the Access Reviewer role, you can only view the Connections page.


  • SSO continuity: If your Drata tenant previously connected to JumpCloud using the Enterprise SSO connector, you can maintain that connection.

  • Initial sync delay: The first import of user accounts may take up to one hour for customers with large user counts.

  • Nested groups not supported: Drata syncs only the top-level members of a specified JumpCloud group.

Permissions & Data Table

| Permission / Scope | Why It’s Needed | Data Accessed |
|---|---|---|
| JumpCloud API Key (Read access) | Required to retrieve personnel and group membership | User list, group membership |
| JumpCloud Group (optional) | Allows limiting the scope of users synchronized to Drata | Members of designated group |

Step-by-Step Setup

There are three parts to the JumpCloud IdP integration:

Step 1: Navigate to the Connections page and search for and connect to JumpCloud.

Step 2: Connect JumpCloud as an Enterprise SSO provider to allow single sign-on into Drata for your employees.

Step 3: (Optional) You can limit scope for Drata to a subset of employees by entering a JumpCloud IdP group that only includes those employees.

  • Drata does not support nested groups. We will sync members in the top level of the specified group, but not members in any second-level or further groups.

The corresponding steps for each part are detailed in the following sections.

Step 1: Go to the JumpCloud connection

  1. Select Connections from the left-side navigation.

  2. Select the Available Connections tab.

  3. Search for JumpCloud and select Connect.

  4. Click Connect to JumpCloud. A modal will appear explaining the API permissions used for the identity connection.

  5. After reviewing, click Next.

  6. Enter your JumpCloud API key.

    • To create the key:

      • Log in to JumpCloud.

      • Click the profile icon → My API Key → Generate New API Key.

  7. Close the modal once complete.

Step 2: Connect Enterprise Single Sign-On (SSO)

If the Enterprise SSO connection is not configured, you will see a banner at the top of the JumpCloud IdP connection drawer prompting setup.

If SSO is not enabled, only administrators can log in to Drata using magic link authentication.

How to initiate the SSO setup

You may start setup in either of two ways:

  1. From Connections: Go to Connections → select the Enterprise Single Sign-On filter → search for Single Sign-On provider → click Connect.

  2. From the JumpCloud connection: Open the JumpCloud connection and select Connect to JumpCloud SSO.

Important

If the JumpCloud IdP becomes inactive or misconfigured, non-admin users may not be able to log in. As a temporary workaround, you may grant a user temporary admin privileges to enable login via magic link. Be sure to remove temporary admin access once the IdP is restored.

Step-by-step SSO configuration

You will be navigated to the SSO connection and a drawer will expand from the right side of the screen. Follow the prompts on the drawer. You will be directed to the WorkOS page where you will follow the instructions to complete the connection.

Make sure to follow the exact steps. Here, you will have to log in as an Admin within your SSO provider. Click on your provider, which could be JumpCloud or any other supported service.

Then follow the steps to configure SSO with that provider. Once you are done with all of the steps, you'll be directed back to Drata (click 'Back to Drata') and your SSO account should successfully connect.

Step 3: Limit the Personnel Scope with JumpCloud Group (Optional)

After the connection has been established, you may optionally designate a JumpCloud Group as the only group of users to synchronize into Drata by following these steps:

  1. Click the small edit icon to the far right of Configuration Options.

  2. Specify a JumpCloud Group whose members should sync into Drata. Your available user groups can be found at:
    https://console.jumpcloud.com/#/groups/user

  3. Ensure the designated group includes the Drata administrator, or they will not sync.

  4. Save and confirm the selected group.

  5. On the next personnel sync, Drata will update the personnel in scope based on the new group.
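
A pre-flight check for the scoping rules in this guide (email domain match, top-level group members only, Drata administrator included in the group), as an added example that is not Drata or JumpCloud code. The group export shape, group names and addresses are constructed for illustration, and the "multiple domains" case is not modeled.

```python
# Added example: models the sync rules stated in this guide against a
# constructed directory export. Data shape and all names are assumptions.

# Constructed sample: group name -> direct user emails and child groups.
GROUPS = {
    "drata-scope": {"users": ["ana@example.com", "raj@example.com",
                              "kim@contractor.example"],
                    "children": ["engineering"]},
    "engineering": {"users": ["lee@example.com", "raj@example.com"],
                    "children": ["platform"]},
    # Constructed cycle back to "engineering" to exercise the guard below.
    "platform": {"users": ["sam@example.com"], "children": ["engineering"]},
}


def domain(email):
    """Lower-cased domain part of an email address."""
    return email.rsplit("@", 1)[-1].lower()


def nested_only_members(groups, root):
    """Users reachable only through child groups of root (not synced)."""
    direct = set(groups[root]["users"])
    seen, stack, found = {root}, list(groups[root]["children"]), set()
    while stack:
        name = stack.pop()
        if name in seen or name not in groups:
            continue  # skip cycles and dangling group references
        seen.add(name)
        found.update(groups[name]["users"])
        stack.extend(groups[name]["children"])
    return found - direct


def preflight(groups, scope_group, connecting_email, drata_admin):
    """Predict who falls in scope and who is silently left out."""
    want = domain(connecting_email)
    direct = sorted(set(groups[scope_group]["users"]))
    in_scope = [u for u in direct if domain(u) == want]
    return {
        "will_sync": in_scope,
        "skipped_domain": [u for u in direct if domain(u) != want],
        "skipped_nested": sorted(nested_only_members(groups, scope_group)),
        "admin_in_scope": drata_admin.lower() in {u.lower() for u in in_scope},
    }


if __name__ == "__main__":
    print(preflight(GROUPS, "drata-scope", "ana@example.com", "lee@example.com"))
```

Anyone listed under skipped_nested or skipped_domain will not appear in Drata's personnel monitoring, so review those lists before saving the group.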
