| **Source System** | **Integration Type** | **Description** |
|---|---|---|
| **Active Directory (AD)** | AD Sync Agent | Syncs users/groups from AD to JumpCloud |
| **OneLogin / Okta / Azure AD** | SCIM Connector | Push users via SCIM to JumpCloud |
| **Google Workspace / HR System** | API Script (custom) | Use API to fetch users and sync to JC |
What It Does:
- Automatically fetches users and groups from AD into JumpCloud. - Keeps user profiles updated. - Supports password sync and group assignments. ##### Steps: 1. 1. **Install the AD Import Agent**: - Log in to JumpCloud Admin Portal. - Navigate to **Directory Integrations → Active Directory**. - Download the **AD Import Agent**. - Install it on your Domain Controller or a Windows server joined to the domain. 2. **Install the AD Sync Agent (optional for write-back)**: - If you want to sync changes from JumpCloud to AD (two-way), install the Sync Agent too. 3. **Register the Agents**: - During installation, provide the **JumpCloud API key**. - Approve the agent from the JumpCloud admin dashboard. 4. **Set Up AD Group(s) for Sync**: - Create an AD security group (e.g., JumpCloudSyncUsers). - Add AD users to this group. Only members will sync. 5. **Configure OU and Attribute Settings**: - Specify which Organizational Units (OUs) to include. - Map attributes like email, phone, title, etc. 6. **Test and Enable Sync**: - Run a test sync. - Review previewed user data in JumpCloud. - Enable production sync. 7. **Monitor Sync**: - Use the AD Integration logs in JumpCloud to monitor status. #### **Option 2: SCIM-Based Provisioning from OneLogin, Okta, Azure AD** ##### Description: If you're using a cloud identity provider, you can **push users into JumpCloud** using SCIM.What It Does:
- Auto-creates users in JumpCloud. - Syncs attribute updates (name, email, etc.). - Suspends users when removed from the source. ##### Steps: 1. **Prepare JumpCloud SCIM Settings**: - In JumpCloud Admin Portal, go to **SSO Applications → + Add App**. - Choose **Custom SCIM Connector**. - JumpCloud provides: - **SCIM Base URL** - **Bearer Token** (API key) 2. **Configure SCIM in IdP (e.g., OneLogin/Okta)**: - Create a new SCIM app integration. - Enter the SCIM Base URL and Token provided by JumpCloud. - Set the SCIM version to **2.0**. 3. **Define Provisioning Rules**: - Choose what triggers user creation (e.g., role membership). - Assign the app to users or groups. 4. **Enable SCIM Provisioning**: - Turn on auto-provisioning in your IdP. - Confirm SCIM connection test passes. 5. **Sync Begins Automatically**: - Users assigned in IdP are instantly created/updated in JumpCloud. - No manual intervention required. #### **Option 3: Custom Script Using JumpCloud API** ##### Description: If users are stored in another system (like Google Workspace, a database, or an HR app), use **JumpCloud’s API** to fetch and sync users automatically.What It Does:
- Programmatically creates users in JumpCloud. - Can run on a schedule (daily, hourly, etc.). - Completely hands-free after setup. ##### Steps: 1. **Get JumpCloud API Credentials**: - Go to **Admin Portal → API Settings**. - Copy your **API Key**. 2. **Write a Script**: - Use Python, Bash, or PowerShell. - Example logic: - Connect to your data source. - Format users as JSON. - Call POST /systemusers or PUT /systemusers/{id}. 3. **Schedule the Script**: - On Linux: Use cron to run the script hourly/daily. - On Windows: Use **Task Scheduler**. 4. **Optional**: Log output or push alerts to Slack/email.| Method | No Manual Upload | Real-Time Updates | Deletion Sync |
|---|---|---|---|
| AD Sync | **✓** | **✓** | **✓** |
| SCIM (IdPs) | **✓** | **✓** | **✓** |
| Custom API | **✓** | **☓** (depends on job) | **✓** |