JumpCloud

Last Updated: April 07, 2026

An identity provider (IdP) uses an authentication token to vouch for a person's identity. Vasion Automate uses IdPs for several tasks, including logging in to the Admin Console and portals, deploying printers, releasing print jobs, and more.

If you use an IdP, the Control Panel Application (CPA) supports only badge and PIN authentication.

Configure Connection

To add an app integration for the Vasion Print connection, do the following:

  1. Create the JumpCloud App.
  2. Add the IdP Settings Template.
  3. Configure Single Sign-On (SSO).
  4. Add the X-509 Certificate.
  5. Complete IdP Settings.
  6. Configure Provisioning.
  7. Add Vasion Print Admins.

1. Create the JumpCloud App

  1. In your preferred browser, to your JumpCloud portal and log in.
  2. From the left-side menu, select Access.

  3. Select SSO Applications.

    Access menu in Jumpcloud showing the SSO Application suboption.

  4. Select the + Add New Application button.
  5. Search for PrinterLogic, and select the PrinterLogic SaaS app.
  6. Select Next.
  7. In the Display Label field, name your app.
    1. (Optional): Add a description, and upload a logo.
  8. Select Save Application.
  9. Select Configure Application.
  10. Leave the current browser open on the new app screen for the following steps.

JumpCloud portal showing Create New Application Integration screen with Display Label and Description fields and Logo option.

2. Add the IdP Settings Template

If the IdP Settings modal does not look like the image below, you may not be using the latest version and should contact Product Support to upgrade your IdP settings.

  1. Open your Vasion Print Admin Console in a new browser tab, and log in.
  2. Select Tools then Settings then General, and scroll down to the Identity Provider Settings section.
  3. Select IdP, and then select Add.
  4. Select the IdP that you want to configure from the IdP Template dropdown menu.
  5. Select SAML2 in the Authentication Protocol section.

  6. In the Provisioning section, if you are using Systems for Cross-domain Identity Management (SCIM), leave the JIT option deselected.

    By default, the Admin Console assumes that you are using SCIM for provisioning. Only select JIT if you are not using SCIM.

  7. In the Name field, enter the name that you want to appear on the login button for users. For example, My Company, Login, or Acme Corp.
  8. Scroll down, and select the desired settings:
    • Enable for End User Login: Allows end users to log in using this IdP. (Self-service Portal)
    • Enable for Admin Login: Allows admins to log in using this IdP. (Admin Console)
    • You can select both checkboxes when you are using a single IdP or the admin and end users use the same IdP to log in.

Keep the IdP Settings modal open so that the Service Provider Information section at the bottom is available for the following steps.

IdP Settings showing multiple fields and Service Provider Information section.

3. Configure Single Sign-On (SSO)

  1. In the JumpCloud app, select the SSO tab.

  2. Copy the URL below:

    Copy Code 
    https://jumpcloud.com/
    1. Paste the URL in the JumpCloud IdP Entity ID field.
    2. Paste the URL in the Vasion Admin Console Issuer URL field.
  3. Copy the IdP Identifier from the Admin Console Service Provider Information section.
    1. Paste the IdP Identifier after the "/" in the JumpCloud IdP Entity ID field. For example, https://jumpcloud.com/<IdP Identifier>.
    2. Paste the IdP Identifier in the Admin Console Issuer ID field.
  4. Copy and paste the following from the Admin Console Service Provider Information section to the JumpCloud SSO tab:
    1. Copy the Admin Console Identifier (Entity ID), and paste it in the JumpCloud SP Entity ID field.
    2. Copy the Admin Console Reply Url (ACS), and paste it in the Default URL field in the JumpCloud ACS URLs section.
    3. Copy the Admin Console Relay State, and paste it in the JumpCloud Default RelayState field.
  5. In the JumpCloud Login URL field, replace the “YOUR_SUBDOMAIN” portion of the URL with your instance subdomain.
  6. Select the Declare Redirect Endpoint checkbox.
  7. Copy the JumpCloud IDP URL, and paste it in the Admin Console SSO URL field.

  8. Scroll down to the JumpCloud Attributes section, and adjust mappings as needed.

    For more information about the SSO Connector fields in JumpCloud, refer to SSO Application Connector Fields.

  9. Select Save in the JumpCloud app.

JumpCloud app showing SSO tab with configuration fields and URLs.

4. Add the X-509 Certificate

  1. In the JumpCloud app, scroll up to the JumpCloud Metadata section in the SSO tab and select the Export Metadata button.
  2. Open the file in your preferred text editor.

  3. Remove the export content before and after the X-509 certificate.

    Ensure that you copy only the X-509 certificate content from the text editor. This section is between the angle brackets (> <) as shown in the image. You can remove the rest.

    XML file in text editor showing X-509 certificate and beginning and ending sections.

  4. Add the following headers before and after the X-509 certificate content.

    Copy Code 
    -----BEGIN CERTIFICATE-----
    Copy Code 
    -----END CERTIFICATE-----
  5. Copy the X-509 certificate with the adjusted headers.
  6. Return to the Admin Console IdP Settings, and paste the certificate in the X-509 Certificate field.
  7. Select Apply.
  8. Select Save.

IdP Settings showing X-509 Certificate and other fields configured.

5. Complete IdP Settings

  1. In the General settings of the Vasion Print Admin Console, navigate to the Identity Provider Settings section.

  2. To have Vasion Print prompt users to authenticate through the IdP when performing any function that requires authorization, such as installing a printer, select the Automatically Open Browser to Login on Desktop Client option.

    If you do not select this option, users must manually navigate to the IdP login screen to log in.

  3. We recommend enabling the Use Loopback with Saml 2.0 (recommended) option. The IdP needs to provide an authentication token to the desktop Client whenever authentication happens. This option allows the Client to handle the token and automatically log in without interaction from end users.

    General settings showing Identity Provider Settings section with IdP option and other options selected.

  4. The option Use Domain User (Windows only) automatically authorizes domain-joined Windows users and does not require log in via the configured IdPs.
  5. Select Save in the upper-right corner of the General settings.

6. Configure Provisioning

The provisioning steps vary depending on whether you are using Systems for Cross-domain Identity Management (SCIM) or Just-in-Time (JIT) provisioning. Choose the appropriate option below to view the corresponding steps.

SCIM Provisioning

Enable SCIM Provisioning

  1. In the JumpCloud app, select the Identity Management tab.
  2. Select Configure.
  3. Select the checkbox for Enable management of User Groups and Group Membership in this application.
  4. In the Vasion Print Admin Console, select IdP and then select Modify.
  5. In the Admin Console IdP Settings modale, copy the SCIM Tenant URL.
  6. Paste the SCIM Tenant URL in the JumpCloud Base URL field.
  7. Select Apply in the Admin Console.
  8. Select Save in the Admin Console.

For more information about SCIM identity management in JumpCloud, refer to Custom SCIM Identity Management.

JumpCloud app showing Identity Management tab, expanded Authentication section, and SCIM information entered.

Generate a SCIM Token

  1. In the Vasion Print General settings, select the SCIM option in the Identity Provider Settings section.
  2. Select your IdP configuration from the dropdown menu.

  3. Select Generate SCIM Token.

    Identity Provider Settings section showing SCIM option with IdP selected from dropdown menu and Generate SCIM Token button to right.

    Generating a SCIM token invalidates any previous tokens for that IdP.

  4. Copy the token, close the modal, and select Save in the upper-right corner of the General settings.
  5. In the JumpCloud Identity Management tab, paste the token in the Token Key field.
  6. Select Activate in JumpCloud.
  7. Select Save in JumpCloud.

Add User Groups

  1. In the JumpCloud app, select the User Groups tab.
  2. Search for and select the groups that you want to bind to Vasion Print.
  3. Select Save.

JumpCloud app showing User Groups tab with one group selected.

JIT Provisioning

JIT does not support the provisioning of group membership associations, so you cannot apply Role-Based Access Control (RBAC) roles, printer deployments, or portal security roles to groups. You must create assignments individually for each user.

When using JIT provisioning, the app creates users during the first login attempt:

  1. Access your Vasion instance, and select Sign In With <IdP Name>.
  2. Attempt to log in with your IdP credentials.

  3. This login attempt fails and returns you to the login screen.

    This behavior is expected. With JIT, this action triggers user creation in the Vasion instance.

  4. The second login attempt with valid credentials initiates a typical login sequence.

For admins who need access to the Admin Console, you still need to add them to the Users page located in Tools then Users.

7. Add Vasion Print Admins

For steps on assigning users and roles to the Vasion Print and Vasion Automate Admin Console, refer to Admin Console Users.