> ## Documentation Index
> Fetch the complete documentation index at: https://hoopdev-docs-improve-idp-sso-pages.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# JumpCloud

## Requirements

* An [admin account in JumpCloud](https://console.jumpcloud.com)
* `API_URL` is the public DNS name of the hoop gateway instance

Contact the administrator of the hoop gateway instance to retrieve the `API_URL` address.

## Identity Provider Configuration

<Steps titleSize="h3">
  <Step title="Create an Application">
    Login with your account at [https://console.jumpcloud.com/](https://console.jumpcloud.com/)

    * Go to SSO and click on the Add New Application button

    * Select Custom OIDC App button on the footer of the page

    * Pick a name, and an optional description

    * In SSO tab
      * Add the Redirect URLs to `{APIURL}/api/callback `
      * Add the Login URL: to `{APIURL}/login `
  </Step>

  <Step title="Attribute Mapping">
    * Still in the SSO tab, select the standard scopes `Email` and `Profile `
    * (optional) In the Groups attribute, select include groups attribute and label it [https://app.hoop.dev/groups](https://app.hoop.dev/groups)
  </Step>

  <Step title="Collect the Credentials">
    * Click activate
    * Copy both **Client ID** and **Client Secret**

    <Info>
      The secret cannot be retrieved later. Make sure you copy and store it now.
    </Info>
  </Step>

  <Step title="Collect Issuer Information">
    The issuer is fixed to `https://oauth.id.jumpcloud.com/`.
  </Step>
</Steps>

## Configure Hoop Gateway

<Info>
  JumpCloud validates authentication via the userinfo endpoint rather than JWT token validation. No special configuration is required for this — it is handled automatically.
</Info>

<Tabs>
  <Tab title="Web App">
    Go to **Integrations** > **Authentication** and fill in:

    * **Auth Method**: OIDC
    * **Issuer URL**: `https://oauth.id.jumpcloud.com/`
    * **Client ID**: the Client ID from above
    * **Client Secret**: the Client Secret from above
    * **Groups Claim**: `https://app.hoop.dev/groups` (if groups attribute was configured)
  </Tab>

  <Tab title="API">
    ```sh theme={null}
    curl -X PUT {API_URL}/api/serverconfig/auth \
      -H "Api-Key: {API_KEY}" \
      -H "Content-Type: application/json" \
      -d '{
        "auth_method": "oidc",
        "provider_name": "jumpcloud",
        "oidc_config": {
          "issuer_url": "https://oauth.id.jumpcloud.com/",
          "client_id": "{CLIENT_ID}",
          "client_secret": "{CLIENT_SECRET}",
          "groups_claim": "https://app.hoop.dev/groups"
        },
        "webapp_users_management_status": "active"
      }'
    ```
  </Tab>
</Tabs>

## Associating User Groups

To propagate groups to Hoop, create a new group

* Go to User Groups > Create Group and provide a name and description
* Go to Users tab and mark the users that you wish to add in this new group
* Go to Applications tab and mark your custom oidc app
* Click in Save