## Create SAML application with Jumpcloud

This guide outlines the steps to create and configure a SAML application in Jumpcloud, including setup, user assignments, and metadata submission.

### Step 1: Create SAML application

1. Log in to your Jumpcloud Application and click on **Add New Application** under the **SSO Applications** section.


![jumpcloud](/assets/jumpcloud-1.f86fce74f740bba55a5bb87022aa40ed8c424fbe5a9f4475aeb12250521c4ac3.dba07de7.png)

1. On the applications page, select **Custom Application**.


![jumpcloud](/assets/jumpcloud-2.2b01c1c35da326001752c1abb883af23ca16fb81f09452f15512d836f56a1c5f.dba07de7.png)

1. Choose **SSO with SAML** and click on **Next**.


![jumpcloud](/assets/jumpcloud-3.344f74b6012430fd1c7caceddd8db4383132d988d0ec9cebe4359067fb248d34.dba07de7.png)

1. Enter the name of your application, then click **Save Application**.


![jumpcloud](/assets/jumpcloud-4.17e34ea13abba20e4521260ec09dcb82fa0f6b3110a8b9ee475c3266060bc3b3.dba07de7.png)

1. Click on **Configure Application** and proceed to next step.


![jumpcloud](/assets/jumpcloud-5.9353e88d5c10ce4c84e9f12b354d7ea533729de1b4edb30aed542ee92f26fed9.dba07de7.png)

1. Copy and paste the values into the relevant fields in the **Single Sign-On Configuration** section. **SP Entity ID** and **IdP Entity ID** should use the value from **Audience URI**, below.


![jumpcloud](/assets/jumpcloud-6.68fa5e3f52fd5a5e9c2a595692b5eeba9db8a6b646aecfa95a0d9d5152ef779b.dba07de7.png)

![jumpcloud](/assets/jumpcloud-7.abc49cfa04251294b29f44c21db5fb990d69608664e8c5ed37990fab3c5cd550.dba07de7.png)

### Step 2: Fill attribute statements (optional)

1. Scroll down on the **SSO** section and select to **Declare Redirect Endpoint**.


![jumpcloud](/assets/jumpcloud-8.19218b0ead44e7da452c94bbd52493139db55f8cdca529c85c7e6b8f152e5031.dba07de7.png)

1. Under **Attributes (optional)** configuration in SSO Settings, fill in the following Attribute Statements and click **save**:


![jumpcloud](/assets/jumpcloud-9.c4b84e832401a1268b44832503827619804fc66e7e336c5f905f9fb05b322e5d.dba07de7.png)

![jumpcloud](/assets/jumpcloud-10.ce5e8c777f22239c04dbac64fcc1ead95099ff2e716b1595710e93117193df45.dba07de7.png)

### Step 3: Assign users

1. Switch to the **User Groups** tab, choose the user groups that will have access to this application and click **save**.


![jumpcloud](/assets/jumpcloud-11.8bff53d410bff4c5bbc1990fcfc3b5810bdb0f7dabe49064c36caae4dfa3256e.dba07de7.png)

### Step 4: Submit metadata

To complete the implementation of SAML SSO, you need to provide the application with your identity provider's metadata.

#### Automatic configuration

1. Click on the **SSO** tab of the SAML app you just created.
2. Click on **Copy Metadata URL** and paste it below.


![jumpcloud](/assets/jumpcloud-12.bf1a0aa8306930c0ccfc2638d5d9285fac2e86195045a63ebe36e470811ad788.dba07de7.png)

![jumpcloud](/assets/jumpcloud-13.7b7280f6e66fbb587c2876f03bfbbccf8f9c3d925f7c80338e54f80ad2622a74.dba07de7.png)

#### Manual configuration

1. Click on the **SSO** tab of the SAML app you just created.
2. Copy the **IDP URL** and paste in the **SSO Endpoint** field below.
3. Download the **IDP Certificate** and paste **its content** into the **Public Certificate** section.


![jumpcloud](/assets/jumpcloud-14.4afaf4eda414803a14418d763871dcda293e6b0d0d668cf642af2114120bc6be.dba07de7.png)

![jumpcloud](/assets/jumpcloud-15.b54e6b532dbeafe5730b170393407ed9e55f4b888d993fb0fe69eb28d0566677.dba07de7.png)

### Step 5: Proceed with domain claiming and role assignment

1. Click on **Proceed with domain claiming and role assignment** to confirm the completion the configuration of the IDP form.
2. Follow the instructions in the [Self-service SAML configuration](/ciam/guides/authentication/sso/self-service/saml#claim-domain) guide to complete this step and manage authorization.