Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Creating a SAML app in Yandex Identity Hub for integration with Jenkins

Written by
Updated at May 8, 2026

Jenkins is an open-source Java-based software system designed to support continuous software integration.

For your organization's users to be able to authenticate to Jenkins via SAML SSO, create a SAML app in Yandex Identity Hub and configure it both in Yandex Identity Hub and Jenkins.

SAML apps can be managed by users with the organization-manager.samlApplications.admin role or higher.

Note

For SAML integration, your Jenkins instance must have a valid SSL certificate in place.

To give the users of your organization access to Jenkins:

  1. Create an app in Yandex Identity Hub.
  2. Set up the integration.
  3. Make sure the application works correctly.

Create an app in Yandex Identity Hub

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps.
  3. In the top-right corner, click Create application and in the window that opens:

    1. Select the SAML (Security Assertion Markup Language) single sign-on method.

    2. In the Name field, specify a name for your new app: jenkins-saml.

    3. Optionally, in the Description field, enter a description for the new app.

    4. Optionally, add labels:

      1. Click Add label.
      2. Specify a label in key: value format.
      3. Press Enter.

    5. Click Create application.

  4. Save the Metadata URL value, you will need it at the next step.

Set up the integration

Install the SAML plugin in Jenkins

To configure authentication to Jenkins using SAML, install the SAML plugin:

  1. Log in to Jenkins as a user with administrator privileges.
  2. In the left-hand menu, select Manage Jenkins > Plugins.
  3. Navigate to the Available tab and enter SAML in the search bar.
  4. Locate SAML Plugin and Install it.
  5. Wait for the installation to complete, and restart Jenkins if necessary.

After you install the plugin, a new Security Realm option, SAML 2.0, will appear in the Manage Jenkins > Security section.

Set up the SAML application in Yandex Identity Hub

Set up service provider endpoints

  1. Log in to Yandex Identity Hub.
  2. In the left-hand panel, select Apps and then, the SAML app.
  3. At the top right, click Edit and in the window that opens:
    1. In the **SP EntityID ** field, enter any value, e.g., <jenkins_instance_address>/.
    2. In the ACS URL field, enter <jenkins_instance_address>/securityRealm/finishLogin.
    3. Optionally, in the SP Logout URL field, enter <jenkins_instance_address>/securityRealm/finishLogin.
    4. Click Save.

Configure authentication on the Jenkins side

  1. Log in to Jenkins as a user with administrator privileges.
  2. In the left-hand menu, select Manage Jenkins > Security.
  3. Under Security Realm, select SAML 2.0.
  4. In the IdP Metadata URL field, enter the metadata file address you copied earlier.
  5. In the Display Name Attribute field, enter fullname.
  6. In the Username Attribute field, enter preferred_username.
  7. In the Email Attribute field, enter emailaddress.
  8. Enable the Advanced Configuration option. In the SP Entity ID field, enter the value you specified in the **SP EntityID ** field on the Yandex Identity Hub side, e.g., <jenkins_instance_address>/.
  9. Click Save.

Configure user attributes

Add the preferred_username attribute to users, which will be used as the username when authenticating to Jenkins. Follow these steps:

  1. Log in to Yandex Identity Hub.

  2. In the left-hand panel, select Apps and select the desired app.

  3. Navigate to the Attributes tab.

  4. In the top-right corner, click Add attribute and in the window that opens:

    1. In the Attribute name field, specify preferred_username.
    2. In the Value field, select SubjectClaims.preferred_username.
    3. Click Add.

For more information about configuring attributes, see Configure user and group attributes.

Add a user

For your organization's users to be able to authenticate to Jenkins with Yandex Identity Hub's SAML app, you need to explicitly add these users and/or user groups to the SAML application.

Note

Users and groups added to a SAML application can be managed by a user with the organization-manager.samlApplications.userAdmin role or higher.

  1. Add users to the application:

    1. Log in to Yandex Identity Hub.
    2. In the left-hand panel, select Apps and select the required app.
    3. Navigate to the Users and groups tab.
    4. Click Add users.
    5. In the window that opens, select the required user or user group.
    6. Click Add.

Make sure your application works correctly

To make sure both your SAML app and Jenkins integration work correctly, authenticate to Jenkins as one of the users you added to the app. Follow these steps:

  1. In your browser, navigate to your Jenkins instance address.
  2. You will be redirected to the Yandex Cloud authentication page. Specify the email and password for the user you added to the app. The user must also have their email address specified.
  3. Make sure you have successfully authenticated to Jenkins.
Previous
Sentry
Next
OpenID Connect