Configuring SSO Integration with JumpCloud
PreviousConfiguring SSO Integration with Ping IdentityNextConfiguring SSO Integration with Google Workspace
Last updated
Last updated
Follow the steps below one by one to integrate Parallels My Account with JumpCloud.
A domain is a part of the email addresses (after the @ symbol) used by the end users in your organization. When end users try to log in to Parallels My Account using SSO, they are prompted to enter their work email address. Parallels My Account checks the domain part of the email address and recognizes that the user belongs to your organization. Click on the title of Step 1 to expand it and read the instructions carefully.
Add one or more domains your organization uses.
Each domain must be unique and can only be registered to one business account that your organization has registered with Parallels.
Make sure to add only the domains your organization can control.
The Parallels My Account service verifies the domain ownership by checking a specific TXT record that must be added to the DNS host of the corresponding domain. Make sure that all domains added to the list are verified before proceeding with the next steps.
Depending on the software and/or provider, a TXT record may take up to 72 hours to propagate. You can check whether it's been configured using the following command:
Registering the Parallels enterprise application (required for integrating with the Parallels My Account service) in the IdP Directory allows you to configure the SSO-related parameters and correctly provision the integration between your IdP and the Parallels My Account service.
The below process describes setting up a new Enterprise Application for JumpCloud:
Log into the JumpCloud . On the left-hand side panel, find the User Authentication section and select SSO Applications". Click the + Add New Application button on the new page.
At the Select Application step, choose the Custom Application option in the bottom right corner and click Next at the next screen.
At the Select the features you would like to enable step, choose Manage Single Sign-On (SSO) and Export users to this app (Identity Management) options. For the SSO functionality, choose the Configure SSO with SAML option. Click Next.
At the Enter general info step, fill out the parameters as you see fit and click Save Application in the bottom right corner. Make sure to devise a unique login URL under Advanced Settings. Note: We recommend you uncheck the box Show this application in User Portal. Clicking on the application icon from JumpCloud's user portal triggers IdP-initiated SSO, which is currently not supported.
Click Configure Application in the bottom right corner to continue setting up the Parallels application's integration with JumpCloud.
Select your application from JumpCloud's list of , and make sure you are switched to the SSO tab.
In the IdP Entity ID field, type in a unique name, e.g., "JumpCloudParallels".
Go to the of Parallels My Account, expand Step (4) Configure SAML Integration, and copy the URL parameters into the respective fields of the SSO tab on the JumpCloud side:
From Service Provider Settings/Service Provider Entity ID (Parallels) to SP Entity ID (JumpCloud);
From Service Provider Settings/Assertion Consumer Service URL (Parallels) to ACS URLs/Default URL (JumpCloud).
Note: Alternatively, you may use the Download the metadata file link on the Parallels side and the Upload Metadata button on the JumpCloud side to populate the fields automatically.
IMPORTANT! Under the Sign* section of the JumpCloud SSO settings tab, make sure to select the Assertion and Response option.
IMPORTANT! Under the Login URL section of the JumpCloud SSO settings tab, make sure to tick the Declare Redirect Endpoint box for this address to be included in the IdP metadata file.
Scroll down to the Attributes section and use the add attribute button to add the following attributes exactly as shown in the image below:
Under the GROUP ATTRIBUTES section, check the box titled include group attribute and set the parameter to groups, and click Activate SSO if it is not active yet.
Switch back to the Parallels My Account, expand Step (2) Register the Parallels Enterprise App, and check the Configuration in the IdP Directory is complete box.
While you have the SSO tab of your Parallels application open on the JumpCloud side, you can also finish configuring the SAML integration. Follow these steps:
On the JumpCloud side, in the same SSO tab of your Parallels app card, scroll to the very top and click the Export Metadata button. This will download an XML file to your computer.\
Note: If the upload fails for some reason, open the file in a text editor and copy the contents as directed: the value entityID into the Identity Provider Entity ID field, the URL from the location value into the Identity Provider SSO URL field, and the public key from the <ds:X509Certificate></ds:X509Certificate> tag into the Public Certificate field.
Click Save to update the configuration and check the Configuration in the IdP Directory is complete box.
Proceed to the next step.
Start with creating the group in the IdP Directory. To do so, switch to your IdP management portal and follow the standard procedure of creating a user group and associating it with the Parallels enterprise application, as provided by your Organization’s IdP. The description below illustrates the registration procedure for JumpCloud. It is assumed that you have appropriate permissions to manage user groups in JumpCloud. To create a user group for the Parallels enterprise application in JumpCloud:
In the JumpCloud admin console, find the User Management section on the left-hand side panel and click on User Groups.
Click on the + button to create a new group.
In the new group panel, give it a name (e.g., Parallels Desktop Administrators), and optionally, add a description and click Save Group in the bottom right corner.
At least two groups are required: one for the administrators with access to license management in Parallels My Account and one for the app users who need to activate their Parallels Desktop licenses.
Note: If any of the administrators also need to activate Parallels Desktop, you also need to add them to the user group.
Wait for the newly created group to appear on the group list and click on it to configure.
On the Details tab, scroll down to the Custom Attributes section, click the + Add Custom Attribute button, and select the type String.
Click Save Group and repeat for all the groups.
In JumpCloud, go back to the SSO Applications section, open the Parallels app, switch to the User Groups tab, check the boxes for both admin and user groups, and click Save.
Take care to use the correct names and UUIDs for each group.
Once the required groups have been created in the IdP Directory and associated with the Parallels app, move on to the next step.
If everything is set, proceed to the next step.
SCIM 2.0 integration between Parallels My Account and your Organization’s IdP allows you to keep user identity information in Parallels My Account in constant sync with the updates made to user identities in the IdP Directory. JumpCloud supports the SCIM 2.0 protocol, which is used for this purpose.
To set up SCIM integration with JumpCloud, do the following:
In JumpCloud, select SSO Applications from the left-hand side panel and click on the Parallels app created earlier.
In the app panel, switch to the Identity Management tab.
Copy the value of the SCIM Base URL parameter to the Base URL field on the JumpCloud side and the value of Bearer Token to the Token Key field, respectively.
On the JumpCloud side, type a user's email address that is already included in one of the groups during the group mapping configuration and click Test Connection.
Once the connection tests successfully, click Activate, switch to the Parallels My Account IdP integration page, and check the Configuration in the IdP Directory is complete box in Step (5) Configure SCIM Integration.
Continue to the next step.
For users to be able to make use of the application to sign or activate with Parallels, they have to be created and added to the groups tied to the Enterprise Application.
Once it is done, or if you plan to add users later, switch back to the My Account SSO setup page, expand Step 6, "Add Users to Application Groups", and mark the Configuration in the IdP Directory is complete checkbox at the bottom of the section.
Warning: Once you have completed the integration process and activated the SSO functionality, only users from the Administrators group in your IdP signing in via SSO will retain access to managing the Parallels business account. All previous administrative privileges based on logins and passwords will become inactive.
Your designated backup login will continue to work.
On the Parallels side, go back to the SSO setup procedure, expand Step (4) Configure SAML Integration, locate the Identity Provider Settings section and use the Upload the metadata file link to upload the XML file that you have just downloaded from JumpCloud.
You must create user groups associated with the Parallels Desktop application in your IdP Directory. Later, you will add users to those groups to let Parallels My Account know which users should have business account admin privileges in the Parallels ecosystem. At least one user group is required to add users with admin access to your organization’s business account registered with Parallels, and one more is required for the users of Parallels Desktop for Mac. Once the group is created, you should add the group's name and ID in Step 3 of the in Parallels My Account.
In the Attribute Name field, put the name of the group attribute as specified in Step 11 of the section above, in this case, groups.
For Attribute Value, see the address in your browser's address bar and identify the unique group ID in it, i.e., for , the value will be 67c0bea6ecc3120001efa8da. Write down the identifier value for later use.
Switch to the Parallels My Account , expand Step (3) Configure User Groups Mapping, and use the click to edit links to fill out the group name and UUID (the value from Step 7 earlier) fields for administrators and users, as specified on the JumpCloud side, and click Save.
The SAML 2.0 is supposed to be configured for the Parallels enterprise application registered with JumpCloud at the time of the Parallels enterprise application registration (refer the chapter earlier in this document for more details).
Make sure to check the Step 4 section on the at Parallels My Account. All fields must be filled in, and the Configuration in the IdP Directory is done option must be enabled.
Select API Type: SCIM API, leave the Use mTLS authentication box unchecked, SCIM Version: SCIM 2.0, switch to the My Account , and expand Step (5) Configure SCIM Integration.
To add users to the groups created in , go to JumpCloud, select User Groups from the left-hand side panel, click on the required group, switch to the Users tab, and populate it with users as required.
The backup login can be used to access your organization’s business account registered with Parallels, bypassing Single Sign-On in the event of an SSO malfunction. By default, the backup login is set to the email address of the currently logged-in user. If you want to define a different backup login, add more users first on the Users page of the in Parallels My Account. The new user must log into the business account at least once before they can be designated as a backup login.
