Skip to main content

Automatically Fetch User Accounts without Manually Importing for JumpCloud

JumpCloud

Intoduction

JumpCloud allows you to automate user account creation and syncing without manual CSV uploads by integrating with external identity sources like Active Directory, OneLogin, Okta, Azure AD, or APIs.

Automatic User Provisioning in JumpCloud

Automatic provisioning means creating and updating user accounts in JumpCloud from another source system (e.g., your Identity Provider or directory service) using SCIM or other integrations — no spreadsheets, no forms, no manual steps.

Source System

Integration Type

Description
Active Directory (AD) AD Sync Agent Syncs users/groups from AD to JumpCloud
OneLogin / Okta / Azure AD SCIM Connector Push users via SCIM to JumpCloud
Google Workspace / HR System API Script (custom) Use API to fetch users and sync to JC

Option 1: Active Directory (AD) Sync

Description:

Use JumpCloud’s AD Sync Agent to connect your on-prem Active Directory to JumpCloud.

What It Does:

  • Automatically fetches users and groups from AD into JumpCloud.

  • Keeps user profiles updated.

  • Supports password sync and group assignments.

Steps:

    1. Install the AD Import Agent:

      • Log in to JumpCloud Admin Portal.

      • Navigate to Directory Integrations → Active Directory.

      • Download the AD Import Agent.

      • Install it on your Domain Controller or a Windows server joined to the domain.

    2. Install the AD Sync Agent (optional for write-back):

      • If you want to sync changes from JumpCloud to AD (two-way), install the Sync Agent too.

    3. Register the Agents:

      • During installation, provide the JumpCloud API key.

      • Approve the agent from the JumpCloud admin dashboard.

    4. Set Up AD Group(s) for Sync:

      • Create an AD security group (e.g., JumpCloudSyncUsers).

      • Add AD users to this group. Only members will sync.

    5. Configure OU and Attribute Settings:

      • Specify which Organizational Units (OUs) to include.

      • Map attributes like email, phone, title, etc.

    6. Test and Enable Sync:

      • Run a test sync.

      • Review previewed user data in JumpCloud.

      • Enable production sync.

    7. Monitor Sync:

      • Use the AD Integration logs in JumpCloud to monitor status.

Option 2: SCIM-Based Provisioning from OneLogin, Okta, Azure AD

Description:

If you're using a cloud identity provider, you can push users into JumpCloud using SCIM.

What It Does:

  • Auto-creates users in JumpCloud.

  • Syncs attribute updates (name, email, etc.).

  • Suspends users when removed from the source.

Steps:

  1. Prepare JumpCloud SCIM Settings:

    • In JumpCloud Admin Portal, go to SSO Applications → + Add App.

    • Choose Custom SCIM Connector.

    • JumpCloud provides:

      • SCIM Base URL

      • Bearer Token (API key)

  2. Configure SCIM in IdP (e.g., OneLogin/Okta):

    • Create a new SCIM app integration.

    • Enter the SCIM Base URL and Token provided by JumpCloud.

    • Set the SCIM version to 2.0.

  3. Define Provisioning Rules:

    • Choose what triggers user creation (e.g., role membership).

    • Assign the app to users or groups.

  4. Enable SCIM Provisioning:

    • Turn on auto-provisioning in your IdP.

    • Confirm SCIM connection test passes.

  5. Sync Begins Automatically:

    • Users assigned in IdP are instantly created/updated in JumpCloud.

    • No manual intervention required.

Option 3: Custom Script Using JumpCloud API

Description:

If users are stored in another system (like Google Workspace, a database, or an HR app), use JumpCloud’s API to fetch and sync users automatically.

What It Does:

  • Programmatically creates users in JumpCloud.

  • Can run on a schedule (daily, hourly, etc.).

  • Completely hands-free after setup.

Steps:

  1. Get JumpCloud API Credentials:

    • Go to Admin Portal → API Settings.

    • Copy your API Key.

  2. Write a Script:

    • Use Python, Bash, or PowerShell.

    • Example logic:

      • Connect to your data source.

      • Format users as JSON.

      • Call POST /systemusers or PUT /systemusers/{id}.

  3. Schedule the Script:

    • On Linux: Use cron to run the script hourly/daily.

    • On Windows: Use Task Scheduler.

  4. Optional: Log output or push alerts to Slack/email.

Method No Manual Upload Real-Time Updates Deletion Sync
AD Sync
SCIM (IdPs)
Custom API (depends on job)

JumpCloud API

  • https://docs.jumpcloud.com/api/
No Comments
Back to top