---
title: "SSO Using SAML2 Integration With JumpCloud"
slug: "how-do-i-use-sso-for-wasabi-management-console-access-using-saml2-integration-with-jumpcloud"
updated: 2026-01-07T23:21:25Z
published: 2026-01-07T23:21:25Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wasabi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SSO Using SAML2 Integration With JumpCloud

Wasabi offers Single Sign-On (SSO) functionality for Wasabi accounts using the [JumpCloud](https://jumpcloud.com/) (identity provider) system, based on SAML2 (Security Assertion Markup Language) integration.

This article provides configuration instructions for both the IdP administrator and the SSO user to properly configure and complete a Wasabi Console login using your organization's JumpCloud SSO service.

## Configuring SAML App in JumpCloud (IdP Side)

1. Log in to [JumpCloud](https://jumpcloud.com/) (https://jumpcloud.com) account as Administrator.
2. Select **SSO**in the navigation menu and click **Add New Application**in the****Configured Applications panel.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-0LN5A681.png)
3. Click **Custom SAML App** at the bottom of the panel.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-8IM50I7K.png)
4. In the SSO tab Application Information section, enter the application name in the Display Label box, for example, "Wasabi-SSO."

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-HNZ9BT5Z.png)
5. In the Single Sign-On Configuration section, enter the following:

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-BHMZ1F59.png)
  - IdP Entity ID: **Wasabi** The IdP entity ID is the unique, case-sensitive identifier used by JumpCloud for this service provider. Be sure that the value you enter matches the Identity Provider entity ID you configured on the Wasabi Console SSO configuration page.
  - SP Entity ID:****https://sso.wasabisys.com/saml
  - ACS URL: https://sso.wasabisys.com/login/callback
6. Scroll down to the Signature Algorithm section and perform the following:

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-OLCHWBIU.png)
  - Check **Sign Assertion.**
  - Enter the Login URL: https://console.wasabisys.com.
  - In the User Attribute Mapping box, click **add attribute** and then enter the Service Provider Attribute Name as **email,** and select **email** from the JumpCloud Attribute Name drop-down.
  - In the Group Attributes box, check **Include group attribute**and type **groups**.
7. Click A**ctivate**. A confirmation dialog is displayed.

SSO role mapping is based on the group names you create.
8. Click **Continue** to create an SSO connector.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-GM3YWUUF.png)
9. Select **User Groups** in the left menu. You can create user groups based on your personal or company use case. User group settings depend on your organization's requirements.
10. To add a new user group, click the green "**+**" sign. The New User Group panel is displayed.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-6Z1FX3RW.png)
11. In the Details****tab Group Configuration section, enter a group name in the Name box, for example: “WasabiAdmin.” Click **Save**.

> The group name must match the Wasabi role name in the Wasabi Console, which we will create later.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-P31FL8YM.png)
12. Select the **Users** tab. Check the users to add to the user group.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-M8GB8ZYX.png)
13. Select the **Applications** tab. Check the applications for the user group. Click **Save**.![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-YLQFCQC6.png)
14. Now, you will download the IDP certificate. To do so, select **SSO**in the left menu, then select the application you previously created.
15. In the Single Sign-On pane, select the **IDP Certificate Valid** drop-down and select **Download Certificate**.****The .pem file will be downloaded.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-BXWDYZD0.png)
16. In the SSO tab, scroll down to the IDP URL box and copy the URL.![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-7LAMLSIG.png)

## Configuring SAML Settings in Wasabi Console (SP / Client Side)

1. Sign in to the [Wasabi Console](https://console.wasabisys.com/login) (https://console.wasabisys.com/login) using a Root account email.
2. Click **Settings** in the left menu, then select the **SSO (Single Sign On)** tab.

> If you do not see the SSO (Single Sign On) tab, then you are using a Wasabi Console trial account. This feature is only available to paid accounts.
3. In the Select Configuration drop-down, select **SAML**.
4. In the SAML Connection section General box, paste the URL previously copied.
5. In the X509 Signing Certificate box, upload the IDP certificate (.pem file).
6. Click **Save Connection**.![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-QUBNICQE.png)
7. In the SSO tab, click **Create Role** to create an SSO role in the Wasabi Console. The SSO role must be assigned to users within your organization's Identity Provider and returned to Wasabi in SSO claims to match a user to a role.

> Do not create the role through the Roles tab in the left menu. SSO roles must be created through the SSO tab in Settings.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-VB5U774P.png)
8. In the Create Role dialog, enter the name you created in the JumpCloud Details****tab, for example, “WasabiAdmin.” Click **Next**.![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-33H80YZ6.png)
9. In the Assign Role Policies panel, select one or more policies for this new role to provide user-specific access. Click **Create Role**. For more information on default policies or creating your own IAM policies for the Wasabi Console, see [Policies in Wasabi Hot Cloud Storage](https://docs.wasabi.com/docs/policies-1).

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-7GTG13NA.png)

This example uses the AdministratorAccess policy. You may attach any Wasabi-managed policy/user-managed policy based on your requirements. You should not see the Wasabi Role you created in the SSO tab in Settings.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-3NWH50HC.png)

## Testing the Integration

1. Sign in to the [Wasabi Console](https://console.wasabisys.com) (https://console.wasabisys.com) to test the SSO configuration.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-2563513U.png)
2. Enter the Wasabi Console **Root user email address**. Click **Continue**.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-XT973S8A.png)

You are redirected to the JumpCloud log in page of your IdP. Sign in as the user who has access to the Wasabi Console application.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-J0OXP4CX.png)

Once you have successfully logged in with your company's JumpCloud username/password, you are then redirected to the Wasabi Console.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-FVWMLQFJ.png)

Your view of the Wasabi Console may differ depending on the IAM policy set for the SSO role you created.