To set up SSO using the SAML protocol, you need to connect to the SAML 2.0 integration.
Before you begin
To successfully set up the SAML 2.0 integration, you’ll need a user with an admin role on Deel.
Step 1. Set up the SAML 2.0 Connector Integration
To set up the SAML 2.0 Connector Integration:
1. Select the More icon and click on the Apps tab.
2. Search for SAML 2.0 and click Connect SAML 2.0.
Keep this screen open, as you will need to get the URL from JumpCloud shortly.
Step 2. Set up a new JumpCloud application
To enable Deel to authenticate users via JumpCloud using the SAML 2.0 SSO protocol, follow these steps to create a new application in JumpCloud:
1. In the Administrator Portal, navigate to the Application page by clicking on SSO Applications.
2. Click Add New Application.
3. Search for the SAML 2.0 application created by JumpCloud, Inc. and click Next.
4. Enter the display name for the application and ensure Show this application in User Portal is checked.
5. Click Save Application and then Configure Application.
6. Click on SSO and Copy Metadata URL to your clipboard.
7. Paste this URL in the Metadata URL field on Deel’s SAML 2.0 configuration screen.
8. Still in Deel's SAML setup, add an Entity ID (either text or URL to identify this integration in your Identity Provider) and click Connect & Go to Settings.
9. Enter this exact Entity ID in JumpCloud set up for both fields: IdP Entity ID & SP Entity ID.
10. Once the SAML Integration is connected in Deel, give it a name, and copy the Redirect URL.
This URL will be used in the JumpCloud configuration.
11. Go back to the JumpCloud > SSO Application configuration.
On the SSO tab, scroll down to the “ACS URLs” and paste the Redirect URL from Deel and click Save.
12. Specify the user groups that will have access to the SSO Application. Use the User Groups tab to assign roles.
Now, all users in the selected user group within the organization in Deel will be able to log in using the SSO Application.
13. Back in Deel's SAML 2.0 settings screen, click Enable to enable SSO for your organization.
Once enabled, SSO will be required for all employees to log in.
To disable SSO at any time, go back to this integration and click More > Disconnect.