How to configure Single Sign-On to Continu using JumpCloud as the identity provider, via SAML 2.0.
Continu supports SAML 2.0 single sign-on. When configured, users authenticate through your identity provider rather than entering Continu-specific credentials. The integration handles login, plus optional attribute pass-through (first name, last name, additional fields).
This guide covers JumpCloud specifically. For other identity providers, see the related articles linked below. For the strategic context on user provisioning and identity, see Provisioning and Sync: How User Data Flows Into Continu.
How to Configure JumpCloud SSO
1. In the JumpCloud administrator console, select Applications.
2. Click the plus icon at the top left and search for "SAML".
3. Click configure on the SAML option.
4. In the IDP Entity ID field, enter a unique name to identify the application. Continu works.
5. Generate and upload the IDP Private Key and Certificate Pair. JumpCloud's SAML Configuration Notes have detail on this step.
6. In the SP ENTITY ID field, enter https://[yourdomain].continu.co/saml/consume — replacing [yourdomain] with your Continu subdomain.
7. Copy the same value into the ACS URL field.
8. In the SAML Subject NameID field, enter email.
9. In the SAML Subject NameID format field, enter urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
10. Under USER ATTRIBUTES, click Add Attribute.
11. In the name column, type firstName. In the value column, type firstname. Casing matters — exact capitalization required.
12. Click Add Attribute again. Name: lastName, value: lastname. Same casing rules.
13. In the IDP URL field, append a unique name to the URL: e.g., continu-[your domain].
14. Click Create.
15. From the applications page, select the Continu SAML application and click export metadata in the bottom right. This downloads the integration's XML metadata.
16. Open the XML file and copy the certificate value (between the relevant tags). Format the certificate using SAML Tool's x509 formatter.
17. In Continu, go to Admin > Integrations and select SAML 2.0.
18. Under SAML 2.0 Endpoint, paste the full URL from step 13.
19. Under X.509 Certificate, paste the formatted certificate from step 16.
20. Click Submit. Assign Continu access to the appropriate users in JumpCloud and the integration is live.
Configuration Pitfalls
Attribute Name Casing. firstName and firstname are not interchangeable. Wrong casing means user attributes don't pass through and Continu user records have missing first/last name fields.
Certificate Without Header Formatting. The certificate value pulled directly from the XML metadata won't be accepted by Continu without the BEGIN/END CERTIFICATE headers. Run it through the SAML formatter tool before pasting.
Subdomain Mismatch. The SP Entity ID and ACS URL must use your actual Continu subdomain (e.g., company.continu.co, not a placeholder). Mismatch results in authentication failure with no clear error.
Existing User Sessions. Users currently logged into Continu may need to log out and back in for SSO to take effect on their account.
Forgetting to Assign the App in JumpCloud. Creating the SAML application doesn't grant any users access. Users still need to be assigned to the application in JumpCloud after the integration is configured.
Where This Fits
You're here because you're configuring JumpCloud SSO for Continu. For other identity providers, see the related articles. For the broader provisioning context, see Provisioning and Sync: How User Data Flows Into Continu.
See Also
- Provisioning and Sync: How User Data Flows Into Continu — the strategic anchor.
- Setting Up Single Sign On via Okta — Okta-specific setup.
- Single Sign on via Google — Google Workspace setup.
- Single Sign On via OneLogin — OneLogin setup.
- Active Directory (ADFS) using SAML 2.0 — Microsoft ADFS setup.