Enhancing Security and User Experience with Jumpcloud

Enhancing Security and User Experience with Jumpcloud

What is Single Sign On and why is it required?

Meritto enables identity providers (IdPs) to verify user identities, ensuring a seamless and secure authentication process. The users can utilize their existing login credentials managed by IdPs such as Okta, Azure AD and Jumpcloud. This eliminates the need for users to remember multiple passwords, making the login process more seamless and efficient.

The standard users have the flexibility to configure and manage authentication settings for their Meritto account. In essence, SSO is a secure authentication mechanism that enables users to access multiple cloud applications with a single login through a centralized authentication system, known as an Identity Provider (IdP). The cloud applications that rely on IdP-verified authentication are referred to as Service Providers (SP).

How Single Sign-On (SSO) Works?

When you attempt to log in to the Meritto portal, the SSO process follows these steps:
  1. Login to the IDP:
    1. First, log in to your Identity Provider (such as JumpCloud) to access Meritto through SSO.
  2. Access Meritto Application:
    1. On the Meritto login page, click the JumpCloud icon under the SSO section.
    2. You’ll be redirected to the JumpCloud page. If you’re already logged in, you’ll be asked to provide consent to continue.
  3. Identity Verification:
    1. The IDP verifies your credentials, authenticates the request, and issues a secure token to log you into Meritto.
  4. User Authentication:
    1. Once the application receives the token from the IDP, it verifies your identity and grants access to your Meritto account.
  5. Session Continuity:
    1. After logging in, your authentication data (saved as cookies or tokens) keeps you signed in, allowing smooth navigation across different pages without needing to log in again.

How to add Meritto as an application to JumpCloud dashboard?

  1. Sign in to the JumpCloud portal.
  2. From the left-hand navigation menu, select SSO Applications.
  3. To add a new application, click Add New Application, then under the Gallery section, select Custom Application.
  4. In the Manage Single Sign-On (SSO) section, set the scope to Configure SSO with SAML.
    1. Provide the following details:
    2. Display Label
    3. User Portal Image
    4. Description (optional)
      Then click Save Application.
  5. In the SAML 2.0 Configuration section, define the following parameters:
    1. IdP Entity ID: Define the unique name that later needs to be configured in the Meritto Portal.
    2. SP Entity ID: Obtain this value from the Meritto portal
    3. ACS URL: Also available from the Meritto portal
    4. SAML Subject NameID: Select Email from the dropdown
    5. SAML Subject NameID Format: Choose urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified
    6. Signature Algorithm: Select RSA-SHA256
  6. Once all details are configured, click Save.
  7. The Identity Management step is optional and can be skipped if not required.
  8. In the User Group section, specify which users should have SSO access.
  9. Finally, click Save to complete the setup.

How to configure SSO for Meritto using JumpCloud SSO?

Great !!! Now that you understand how Single Sign-On (SSO) works, let's walk through the process of configuring JumpCloud for your Meritto account.

Prerequisites

  1. The institute should have configured the respective IDP, like JumpCloud.
  2. It is mandatory for the institute to have Single Sign-On as an add-on feature during account onboarding.
  3. Once the feature is added to the account, the user configuring the SSO should have the “Allow users to view/edit Single sign-on settings” permission enabled to configure the SSO successfully. 
Once all the above prerequisites are met, please follow the steps below to configure SSO for a standard user:
  1. Log in to your Meritto portal and click on the settings icon located at the top-right corner of your screen.
  2. In the left-side menu at the L1 level, search for "Security Settings." Once you navigate to Security Settings, locate the expandable section labelled "Login Method" at the L2 level. Expand this section to proceed further
  3. When you select the SSO Login method, the following authentication options should be displayed:
    1. JumpCloud using SAML
  4. If the user selects the JumpCloud using SAML method, a pop-up slider would appear displaying the following details:
    1. SP Entity ID
      1. The [SP Entity ID] field in the pop-up slider will be automatically populated with the customer ID.
      2. This needs to be entered on the JumpCloud SSO configuration while setting up SAML settings
    2. ACS URL
      1. The [ACS URL] field in the pop-up slider will be auto-filled which needs to be configured in the JumpCloud SSO configuration.
    3. Map information from idP section
    4. Define below mentioned parameters values which can be taken for JumpCloud SSO configuration
      1. IdP Entity id
      2. IdP URL
      3. Meta Data URL : Click on the Copy Metadata URL button over the JumpCloud SSO configuration to get access to Meta Data URL.
      4. Logout URL (optional)
      5. JumpCloud Metadata: After copying the Metadata URL, open the URL in the new tab where the user would be getting a parameter name “certification” where the user would be able to access certificate code and insert the code in the MetaData section.
  5. Enter the required information in the designated fields. Once all fields are completed, click on "Configure SSO" to proceed.
  6. Congratulations !!! You have successfully configured SSO for your account.

How to configure users in SSO?

Now that you’ve learned how to configure SSO for your account, let’s proceed with setting up users for SSO.
While configuring users, it is essential to understand the bifurcation and criteria that determine how SSO can be applied to standard users. Let’s explore these aspects to gain a clear understanding of the configuration process.      
  1. Assign SSO to Individual Users: Under this criteria, you can manually select users by searching for their names in the "Select User(s)" dropdown. However, before doing so, you must first select the Users radio button under the list labeled "Assign all user(s) of the following."
  2. Assign SSO to Permission Groups: Under this criteria, users can be searched based on the permission groups they belong to. Simply select the "Permission Group" radio button and choose the desired permission template under "Select Permission Group(s)." Below this, you will find two search boxes labeled "User List" and "Included Users." These allow you to include only specific users from a selected permission group while assigning users from that group.
  3. Assign SSO to Teams: Under this criteria, users can be searched based on their assigned user groups. Simply select the "Users" radio button and choose the appropriate user group under "Select User Group(s)." Below this, you will find two search boxes labeled "User List" and "Included Users." These options allow you to include specific users from the selected user group while assigning users from that group.
Fantastic! Now that you have understood the bifurcation and criteria for applying SSO to standard users, let’s move forward.
Notes
NOTE:
  1. The configuration is only applicable to the users who are solely part of this account and not to users who are in multiple accounts.
  2. The users enabled in this configuration will not be able to access Meritto's mobile application.
  3. Assigning users to the configured SSO is a mandatory step to configure SSO on Meritto without which your users won’t be able to access Meritto using your SSO.

How to save the SSO configuration as a draft?

Once you have filled in all the relevant fields while configuring SSO, clicking on the [Cancel] CTA should save all the entered details as a draft.
Notes
NOTE:
The saved drafts should appear as a list under the [SSO Login] method option.

How to edit the SSO configuration?

Users can edit the configuration after the draft has been successfully saved. Kindly follow the steps below to proceed.
  1. Log in to your Meritto portal and click on the settings icon located at the top-right corner of your screen.
  2. In the left-side menu at the L1 level, search for "Security Settings." Once you navigate to Security Settings, locate the expandable section labelled "Login Method" at the L2 level. Expand this section to proceed further.
  3. Once you expand the section, you will find your previously configured SSO saved as a draft. Click on the three-dot action button to open a dropdown menu.
  4. Click on the edit SSO icon. Once you are done making the necessary changes, click on Save
Congratulations !!! You have successfully saved the changes made in your SSO configuration.  

Conclusion

Single Sign-On (SSO) in Meritto simplifies and secures user authentication by allowing access through trusted identity providers like Azure, Okta and JumpCloud. By eliminating the need for multiple passwords and enabling centralized login control, SSO enhances security, improves user convenience, and streamlines account access management across your organization.


    • Related Articles

    • How to configure Doc Verify for the user ?

      Introduction A crucial part of any admission process is document verification, which allows institutes to ensure that the information submitted by applicants is accurate and credible. This process also provides an opportunity to examine the ...

    • How to Re-assign User via Mobile App?

      Overview This article helps you understand how to reassign leads, applications, opportunities, queries, and events using the mobile app. You will learn where and how reassignment can be done within different modules such as Lead, Application, ...

    • How to Save Filter in Productivity Report | User Dashboard

      Overview Saving Filters in Productivity Report on the User Dashboard allows you to customize and refine data views for better productivity analysis. Custom Filter Setup: Apply and save filters to tailor reports to specific requirements. Data ...

    • How an Institute/College user can use Scorecard?

      Overview This article will guide you through the process of using the Scorecard in Meritto to evaluate candidates effectively. By following these steps, you will be able to: Access and manage the Scorecard. View candidate evaluation details. Assign ...

    • Enabling Captcha on the Registration Form for an Account

      Overview Enabling Captcha on the Registration Form helps prevent spam and automated submissions, enhancing security. Spam Prevention: Blocks automated and fraudulent form submissions. Enhanced Security: Protects user data by adding an extra ...