As of 4/2020, JumpCloud creates the necessary IdP private key and IdP certificate automatically. JumpCloud also offers a prebuilt SSO connector for Scalyr, which should be used to streamline the configuration proces:
Some of the pre-filled values in this connector are incorrect, so please follow this guide for the necessary configuration values.
- IdP Entity ID: Enter a URL that uniquely identifies your IdP configuration. We recommend domain.com/idp/scalyr, where “domain.com” is your organization’s domain name. However, you can use any other URL, so long as it is unique.
- Note 1: The http[s]:// prefix has been deliberately omitted
- Note 2: URL does not have to point to a valid page.
- SP Entity ID: (Referred to as MY-ORG in this guide) You should have received this in an email from the Scalyr support team. See this page for instructions on how to choose an SP Entity ID.
- ACS URL:
- SP Certificate: Leave as-is; we do not sign our authentication requests.
- SAML Subject NameID: Select “email” from the dropdown menu
- SAML Subject NameID Format: Select “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress” from the dropdown menu
- Sign Assertion: Select checkbox
- Default Relay State: Leave blank
- IdP-Initiated Url: Leave blank
- IdP Url: At the end of https://sso.jumpcloud.com/saml2/ enter “Scalyr-MY_ORG” (replace MY_ORG with your organization name).
- If you wish to restrict the use of Scalyr to specific users and you use Tags/Groups on JumpCloud, make note of this Url (“https://sso.jumpcloud.com/Scalyr-MY_ORG”) and create a new Tag with the name “SSO-Scalyr-MY_ORG” (replace MY_ORG with your organization name). Tag users you’d like to authorize to Scalyr with this tag.
- Display Label: enter Scalyr
- Click on the “Export Metadata” link at the bottom to download the metadata XML file. Once you’ve downloaded it, send it to email@example.com
The final (completed) form will resemble the following: