JumpCloud SSO (SAML)
This article details how to configure JumpCloud as the primary Identity Provider for ngrok tunnels. By integrating JumpCloud SSO with ngrok, you can:
- Restrict access to ngrok tunnels only to users authenticated via JumpCloud
- Use JumpCloud security policies and MFA authenticators.
- Use JumpCloud's Dashboard to facilitate access to ngrok apps.
To configure ngrok tunnels with JumpCloud, you must have:
- an JumpCloud account with administrative rights to create apps
- an ngrok Enterprise Account with an authtoken or admin access to configure edges with SAML.
To integrate ngrok with JumpCloud SSO, you will need to:
- Configure JumpCloud with the ngrok app
- Configure ngrok with the SSO settings provided by JumpCloud
Step 1: Configure JumpCloud
Access the JumpCloud Console, and sign in using your JumpCloud administrator account.
On the left menu, click SSO, click Get Started or + Add New Application, and then click Custom SAML App.
On the New Application popup, enter
ngrok samlin the Display Label field.
Click the SSO tab, enter
https://ngrok-jumpcloudin the IdP Entity ID field, enter temporary values (i.e.,
https://temporary) in both the SP Entity ID and the ACS URL fields, and then click activate.
Step 2: Download the IdP metadata
- On the SSO page of the JumpCloud Console, click your Custom SAML App, click the SSO tab, click Export Metadata, and then save the XML file on your desktop.
Step 3: Configure ngrok
To configure an edge with JumpCloud:
Access the ngrok Dashboard and sign in using your ngrok account.
On the left menu, click Cloud Edge and then click Edges.
If you don't have an edge already set to add JumpCloud SSO, create a test edge:
- Click + New Edge.
- Click Create HTTPS Edge.
- Click the pencil icon next to "no description", enter
Edge with JumpCloud SSO SAMLas the edge name, and click Save.
On the edge settings menu, click SAML.
On the SAML page, click Begin setup, click Upload XML, and then open the XML metadata file you downloaded from JumpCloud (See Download the IdP metadata).
Click Save at the top.
Step 4: Download the SP metadata
- On the SAML page of your ngrok edge, click the three dots close to the SP Metadata field, click Download XML File, and then save the XML file on your desktop.
Step 5: Link JumpCloud with ngrok
Access the JumpCloud Console, click SSO, click your Custom SAML App, click the SSO tab, click Upload Metadata, and then open the XML metadata file you downloaded from ngrok (See Download the SP metadata).
Step 6: Start a Tunnel
- Access the ngrok edges page, click your edge, and then click Start a tunnel.
For this step, we assume you have an app running locally (i.e. on localhost:3000) with the ngrok client installed.
Click the copy icon next to the tunnel command.
Launch a tunnel:
- Launch a terminal.
- Paste the command but replace
http://localhost:80with your localhost app address (i.e.,
- Click Enter and an ngrok tunnel associated with your edge configuration will launch.
To confirm that the tunnel is connected to your edge:
- Return to the ngrok dashboard
- Close the Start a tunnel and the Tunnel group tabs
- Refresh the test edge page. Under traffic, You will see the message You have 1 tunnel online. Start additional tunnels to begin load balancing.
In the test edge, copy the endpoint URL. (You use this URL to test the JumpCloud Authentication)
Grant access to JumpCloud users
JumpCloud allows administrators to restrict access to SSO apps — such as ngrok — via user group assignments. By default, apps created in JumpCloud have no group assignments — in other words, nobody can use JumpCloud SSO to access ngrok until you assign a group to the app.
To assign JumpCloud groups to the ngrok app:
On the left menu of the JumpCloud Console, click SOO and click the ngrok custom SAML app you created.
On the app popup, click the User Groups tab, click the checkbox of the All Users group, and then click Save. Tip: Make sure to add JumpCloud users to this group when you create or manage users that need access to the ngrok app.
Test the integration
In your browser, launch an incognito window.
Access your ngrok tunnel (i.e.,
https://jumpcloud-sso-test.ngrok.ioor using the copied endpoint URL).
You should be prompted to log in with your JumpCloud credentials.
After logging in, you should be able to see your web app.