- Step 1: Identity Provider (IDP) Configuration
- Step 2: Service Provider Configuration
- Optional: Configure the PixieBrix Browser Extension Policy
Step 1: Identity Provider (IDP) Configuration
We’re using JumpCloud as the IDP in the example below, but the configuration should be similar for any vendor. Reach out to firstname.lastname@example.org if you have any questions or concerns.
- Log in to JumpCloud as an Administrator: https://console.jumpcloud.com/login/admin
- Click “SSO” on the left side panel. Then click “Add New Application” > “Custom SAML App”
- “General Info” tab
  - Display Name:
- “SSO” tab
  - Upload Metadata: Navigate to https://app.pixiebrix.com/api/saml/metadata/ and save the metadata to a file. Then upload the metadata to JumpCloud. This should populate the following fields:
    - Service Provider (SP) Entity ID
    - ACS URL
    Note: you can fill these fields out manually if you want, but uploading the metadata file is easier and less error-prone.
  - IDP Entity ID:
    - Note the IDP Entity ID
    - If you do not already have an IDP Entity ID, contact email@example.com
  - User Attributes: PixieBrix requires certain attributes to provision a user from your IDP. You need to map attributes from your IDP to the Service Provider attributes PixieBrix expects. SAML defines Attribute Definitions for configuring Service Provider attributes. For example, urn:oid:0.9.2342.19200300.100.1.3 maps to the user’s email. PixieBrix requires the following attributes:
    Service Provider Attribute Name
    Once completed in JumpCloud, the “User Attributes” section should look like this:
- “User Groups” tab
  - Grant access to the users who should be able to log in with SAML. For example, the screenshot below shows granting the PixieBrix Engineering group access to the SAML App.
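To cross-check the SP Entity ID and ACS URL that the “Upload Metadata” step filled in on the “SSO” tab, the saved metadata file can be parsed independently of the IDP. The following is an added example, not PixieBrix or JumpCloud code. The sample metadata, the `sp.example.test` URLs and the `sp_fields` helper are constructed for illustration; a real check would read the file saved from https://app.pixiebrix.com/api/saml/metadata/.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample for illustration; NOT the real PixieBrix metadata.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/api/saml/metadata/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/api/saml/acs/"/>
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:RequestedAttribute isRequired="true" Name="urn:oid:0.9.2342.19200300.100.1.3"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_fields(metadata: bytes) -> dict:
    """Return the values an IDP form takes from SP metadata."""
    # SAML metadata never needs a DTD; refusing one keeps entity tricks out of the parser.
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(metadata)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a single-entity SAML metadata document")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("metadata does not describe a service provider")
    acs = [e for e in sp.findall(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService endpoint")
    # Prefer the endpoint flagged isDefault, else the first one listed.
    chosen = next((e for e in acs if e.get("isDefault") in ("true", "1")), acs[0])
    if not chosen.get("Location", "").startswith("https://"):
        raise ValueError("ACS URL must use https")
    return {
        "sp_entity_id": root.get("entityID"),
        "acs_url": chosen.get("Location"),
        "requested_attributes": [
            a.get("Name") for a in sp.iter(f"{{{MD}}}RequestedAttribute")],
    }

if __name__ == "__main__":
    print(sp_fields(SAMPLE_METADATA))
```

Compare the returned `sp_entity_id` and `acs_url` character for character with what the IDP shows after the upload, since a mismatch in either value makes the IDP issue assertions the service provider will not accept.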
Step 2: Service Provider Configuration
PixieBrix needs certain data from the IDP to complete the integration. Please securely send firstname.lastname@example.org the following information:
- IDP Entity ID
- IDP URL (aka SSO URL)
- IDP Public Certificate: You can download this from the IDP.
- In JumpCloud, you just need to click “Download Certificate”.
Optional: Configure the PixieBrix Browser Extension Policy
This feature is available since
You can configure your PixieBrix Browser Extension Policy (Google Workspace, or GPO) to automatically authenticate with your configured IDP.
- Contact email@example.com to receive the authentication flow URL
- Set the ssoUrl property for the managed browser extension settings. See more information on managed browser extension settings here:
Authentication flow URL. Will have the form: