- Step 1: Identity Provider (IDP) Configuration
- Step 2: Service Provider Configuration
- Optional: Configure the PixieBrix Browser Extension Policy
Step 1: Identity Provider (IDP) Configuration
We’re using JumpCloud as the IDP in the example below. However, the configuration should be similar for any vendor. Reach out to support@pixiebrix.com if you have any questions or concerns.
- Log in to JumpCloud as an Administrator: https://console.jumpcloud.com/login/admin
- Click “SSO” on the left side panel. Then click “Add New Application” > “Custom SAML App”
- “General Info” tab
  - Display Name: PixieBrix
- “SSO” tab
  - Upload Metadata: Navigate to https://app.pixiebrix.com/api/saml/metadata/ and save the metadata to a file. Then upload the metadata to JumpCloud. This should populate the following fields:
    - Service Provider (SP) Entity ID
    - ACS URL
  - Note: you can fill these fields out manually if you want, but uploading the metadata file is easier and less error-prone.
  - IDP Entity ID:
    - Note the IDP Entity ID
    - If you do not already have an IDP Entity ID, contact support@pixiebrix.com
  - User Attributes: PixieBrix requires certain attributes to provision a user from your IDP. You need to map attributes from your IDP to the Service Provider attributes PixieBrix expects.
- “User Groups” tab
  - Grant access to the users who should be able to log in with SAML. For example: the screenshot below shows granting the PixieBrix Engineering group access to the SAML App
SAML defines Attribute Definitions for configuring Service Provider attributes. For example, urn:oid:0.9.2342.19200300.100.1.3 maps to the user’s email.
PixieBrix requires the following attributes:
| Attribute Name | Service Provider Attribute Name |
| --- | --- |
| username | urn:oid:0.9.2342.19200300.100.1.1 |
| email | urn:oid:0.9.2342.19200300.100.1.3 |
| first Name | urn:oid:2.5.4.42 |
| last Name | urn:oid:2.5.4.4 |
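One way to confirm the mapping is to inspect the AttributeStatement of a test assertion from your IDP for the four attribute names in the table. This is an added example, not PixieBrix or JumpCloud code; the function names and the sample assertion are constructed for illustration, and it checks attribute names and values only, not the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Service Provider attribute names PixieBrix requires, from the table above.
REQUIRED = {
    "username": "urn:oid:0.9.2342.19200300.100.1.1",
    "email": "urn:oid:0.9.2342.19200300.100.1.3",
    "first Name": "urn:oid:2.5.4.42",
    "last Name": "urn:oid:2.5.4.4",
}

def extract_attributes(assertion_xml):
    """Return {Name: [values]} for every Attribute in the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        found.setdefault(attr.get("Name", ""), []).extend(values)
    return found

def check_mapping(assertion_xml):
    """Return {label: problem} for each required attribute that is missing or empty."""
    found = extract_attributes(assertion_xml)
    problems = {}
    for label, oid in REQUIRED.items():
        if oid not in found:
            problems[label] = "missing " + oid
        elif not any(found[oid]):
            problems[label] = "empty value for " + oid
    return problems

# Constructed sample (not real IDP output): the first name is mapped but empty,
# and the last name is sent under a friendly name instead of the expected OID.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for label, problem in check_mapping(SAMPLE).items():
        print(f"{label}: {problem}")
```

An empty result from `check_mapping` means all four required attributes are present with non-empty values.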
Once completed in JumpCloud, the “User Attributes” section should look like this:
Step 2: Service Provider Configuration
PixieBrix needs certain data from the IDP to complete the integration. Please securely send support@pixiebrix.com the following information:
- IDP Entity ID
- IDP URL (aka SSO URL)
- IDP Public Certificate: You can download this from the IDP.
- In JumpCloud, you just need to click “Download Certificate”.
Optional: Configure the PixieBrix Browser Extension Policy
This feature is available since Release 1.7.23.
You can configure your PixieBrix Browser Extension Policy (Google Workspace, or GPO) to automatically authenticate with your configured IDP.
- Contact support@pixiebrix.com to receive the authentication flow URL
- Set the ssoUrl property for the managed browser extension settings. See more information on managed browser extension settings here:
| Property | Value |
| --- | --- |
| ssoUrl | Authentication flow URL. Will have the form: https://app.pixiebrix.com/login/saml/?idp=<name>,<orgId> |