# Single Sign-On

## JumpCloud

This guide describes the SSO setup between NVSEP and JumpCloud.

### In JumpCloud

1. Create a a custom application
2. Select "Configure SSO with SAML"
3. Paste the `SP Entity ID` value from your NVSEP Portal on the SSO page into the `SP Entity ID` field
4. For ACS Url:
  * For QA: `https://identity.qa.nvsep.org/saml2/idpresponse`
  * For Prod: `https://identity.nvsep.org/saml2/idpresponse`
5. For `SAMLSubject NameID:` select `email`
6. For `SAMLSubject NameID Format:` select `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
7. For `Sign`, select `Response and Assertion`
8. For `Login URL`, enter:
  * For QA: `https://portal.qa.nvsep.org/admin/login`
  * For Prod: `https://portal.nvsep.org/admin/login`
9. Check the `Declare Redirect Endpoint` checkbox
10. Under attributes, add the attribute mapping from the below table.
11. Hit Save.


#### Attribute Mapping

| Service Provider Attribute Name | JumpCloud Attribute Name |
|  --- | --- |
| `given_name` | `firstname` |
| `family_name` | `lastname` |
| `email` | `email` |


Click the `Copy Metadata URL` at the top of the application page and provide to NVSEP below:

### In NVSEP

1. Navigate to the Integrations SSO page
2. Enter the Metadata URL copied from JumpCloud
3. Click Save.


### Testing

After the SSO setup is complete, it is recommended to test the login in a separate browser or incognito window before logging out.