User Management with SCIM Integration

Introduction

Managing user identities and access can be a challenging task, especially as your organisation grows. To simplify this process, Jump Desktop now supports SCIM (System for Cross-domain Identity Management) integration. This feature enables seamless synchronisation of user data between your Single Sign-On (SSO) provider and Jump Desktop.

When a user is assigned to the Jump Desktop app via your SSO provider, SCIM automatically pushes their details to Jump Desktop. If Domain Verification is enabled, no verification email is sent; users can directly sign in using SSO. Otherwise, an email will be sent to the user for email verification. Importantly, if a verified user with the pushed email already exists, their account will transition to being managed by the SCIM server.

This article provides a step-by-step guide to integrate SCIM with Jump Desktop, complete with screenshots and detailed instructions. FAQs related to SCIM integration can be found at the end of this guide.

Pre-requisites for SCIM integration

• Single Sign On is configured for your team
• A Jump Desktop for Teams Enterprise subscription

Configuring SCIM

As a first step, you will have to Enable SCIM integration in Jump Desktop teams dashboard. After that you have a choice to provision SCIM for your team using the following SSO providers:

• Okta
• Microsoft Entra ID (previously Azure)

Enable SCIM integration in Jump Desktop teams dashboard

1. Visit https://app.jumpdesktop.com and log in as a SSO team administrator

2. Select the team with SSO configured on select Security.

3. Click Enable SCIM in the Team Single Sign On section.

4. You will be presented with your SCIM connection details which you will need to configure SCIM provisioning with your SSO provider.

SCIM Provisioning with Okta

1. Go to https://login.okta.com/ and log in as an administrator.

2. After login, on the top right of the screen, click the Admin button.

3. On the Admin home page under Applications click Applications.

4. On the Applications screen, select the Jump Desktop application.

5. On the Jump Desktop application screen, you will need to enable SCIM provisioning under the General tab. Click the Edit link for App Settings.

6. Select SCIM provisioning and click Save.

7. This should add a Provisioning tab under the Jump Desktop application page.

8. Click on Integrations under the Provisioning tab.

9. Copy the Security Token and SCIM integration URL from the Jump Desktop portal as shown.

10. Fill in the details as shown above.

11. Click Test Connector Configuration. You should see a pop-up as shown above. Close the dialog and click Save. SCIM provisioning has been successfully configured.

SCIM Provisioning with Microsoft Entra ID (previously Azure)

1. Visit https://portal.azure.com and sign-in as an administrator.

2. On the home screen click Azure Active Directory.

3. Click Enterprise applications on the left.

4. In the Enterprise applications screen select the Jump Desktop application under All applications.

5. On the next screen select the Provision User Accounts option.

6. Click Get Started and select from Automation (recommended) or Manual provisioning.

7. Under Admin Credentials enter Tenant URL and Secret Token from the Jump Desktop Portal as shown and click Test Connection.

8. If the connection is successful, click Save. Your SCIM provisioning has been successfully configured.

FAQs for SCIM integration

What happens if I disable SCIM integration in Jump Desktop teams dashboard

When SCIM integration is disabled, your SCIM credentials are invalidated and all requests received  from your SSO provider will be rejected by the Jump Desktop SCIM server. Users provisioned prior to disabling SCIM will still exist in Jump and their status will be unchanged. If in the future you enable SCIM integration again, your SCIM server will query Jump Desktop using email addresses to see which users exist in Jump Desktop and then the SCIM server will resume managing the accounts it finds.

If you wish to disable all users and disable SCIM integration, you will need to remove all users from the Jump Desktop application in your SSO provider and once the synchronisation between Jump Desktop and your SCIM service is complete, then disable SCIM integration.