Enabling SAML SSO with JumpCloud
Harvest supports SAML single sign-on (SSO) for accounts on our Premium plan. This article covers setting up JumpCloud SSO for your Harvest account. For information about other SAML SSO options and the SAML SSO FAQ, see the SAML SSO section of our Help Center.
You can also consult JumpCloud's SAML SSO documentation.
How to enable SSO via JumpCloud
Enabling SSO via JumpCloud for your Harvest account is a multi-step process that requires copying information between JumpCloud and Harvest in both directions. For this reason, we recommend keeping JumpCloud and Harvest both open in separate tabs of your browser while you enable the integration.
Step 1: Add Harvest application in JumpCloud
- Log in to your JumpCloud Admin Console.
- Navigate to SSO Applications and click Get Started.
- Select Custom Application and click Next.
- Choose Manage Single Sign-On, then select Configure SSO with SAML.
- Provide a name for your application, such as "Harvest".
- Click Save Application.
Step 2: Add SAML details from Harvest to JumpCloud
- In JumpCloud, go to the SSO tab for the new application.
- In a separate browser tab, sign in to Harvest and navigate to Configure SAML under Settings > Sign in security.
- Select JumpCloud as your identity provider. Harvest will provide two key URLs:
  - Entity ID: Copy this and paste it into JumpCloud’s SP Entity ID field.
  - Single Sign-On URL: Copy this and paste it into JumpCloud’s ACS URL field.
Step 3: Complete Metadata Configuration
- In JumpCloud, on the SSO tab, click Copy Metadata URL. This URL contains the metadata Harvest requires.
- Return to Harvest and paste the URL into the Metadata URL field.
- Save the changes in Harvest.
If successful, a certificate will appear, indicating that Harvest and JumpCloud can communicate.
Step 4: Assign Users to the Application in JumpCloud
- Navigate to User Groups in JumpCloud.
- Add the new Harvest application to the relevant user group.
- Ensure your team's email addresses in Harvest match their JumpCloud accounts.
Step 5: Test the SAML SSO Configuration
- Sign out of your Harvest account.
- On the sign in screen, select Sign in with SAML SSO.
- Choose the account you configured.
- If configured correctly, you will be redirected to JumpCloud for authentication and then signed into Harvest.
Require sign in with JumpCloud in Harvest
Warning: Before requiring sign in with SAML SSO, be sure you’ve added yourself and all teammates as users of the Harvest app you created in JumpCloud so that they’ll be able to sign in via SAML.
If you’ve just enabled SAML SSO via JumpCloud following the steps above and you want to require everyone in the account to sign in with JumpCloud, please follow these steps:
- Next to SAML, you’ll notice that the option to Require sign in with JumpCloud is grayed out. To change this, click Sign in with your JumpCloud account in the notification.
- Enter the email address associated with your Harvest account. This will take you to JumpCloud to sign in.
- Once you have signed in to your Harvest app using JumpCloud, you’ll be redirected back to Harvest.
- In Harvest, go to your Settings.
- Click Sign in security in the left sidebar.
- Next to SAML, check the box to Require sign in with JumpCloud.
- You’ll see a warning that saving this setting will sign out anyone who isn’t currently signed in with JumpCloud.
- We’ll also send your team an email to let them know about this change. If you’re okay with this, click Save settings to require signing in with JumpCloud.
Disable SAML SSO with JumpCloud
Note that when SAML SSO is disabled, everyone currently signed in with JumpCloud will be signed out.
- In Harvest, go to your Settings.
  - Only Administrators can access Settings.
- Click Sign in security in the left sidebar.
- Next to SAML, click Disconnect SAML.
- Click Disconnect SAML to disconnect.
What happens when I disable SSO via JumpCloud?
SSO via JumpCloud is enabled, but your team is not required to sign in via JumpCloud
- Everyone who is currently signed in with SAML SSO will be immediately signed out.
- We will send emails to every user who doesn’t currently have a password set letting them know they need to set a password.
You required your team to sign in to Harvest via JumpCloud
- Everyone who is currently signed in with SAML SSO will be immediately signed out.
- We will send an email to every Administrator in Harvest letting them know that signing in with JumpCloud is no longer required.
- We will send emails to every user who doesn’t currently have a password set letting them know they need to set a password.