Enabling Single Sign-On in Threat Stack
This process walks you through configuring, verifying, and enabling SSO for Threat Stack using SAML 2.0 Authentication.
IMPORTANT: If you use a personal email account, that is not recognized by your company, you will lose access and no longer be able to login to Threat Stack after enabling SSO.
Configuring your Identity Provider
A part of enabling SSO in Threat Stack involves configuring the identity provider (IdP) and Threat Stack to connect with each other properly.
REMINDER: You must be your IdP admin to configure your identity provider.
IMPORTANT: If your organization has more than one Threat Stack organization, contact support to enable SSO.
You need to Configure IdP to recognize Threat Stack using the following necessary configuration parameters:
- SSO Assertion Consumer Service URL (ACS URL): https://app.threatstack.com/sso/saml/callback
- Audience URI (SP Entity ID): https://app.threatstack.com
- ACS (Consumer) URL Validator - OneLogin Specific:^https:\/\/app\.threatstack\.com\/sso\/saml\/callback$
- Name ID format: Email address
- Username: Email address
Sample IdP configuration setup guides:
Configuring Threat Stack
You must be an organization owner to implement SSO for your organization.
1) In Threat Stack, access the SETTINGS page
Result: The Settings display.
2) Click the Authentication tab
Result: The Authentication tab displays the SSO form.
3) After you configure your IdP to recognize Threat Stack, enter the following information into the Authentication form fields:
- Identity Provider SAML 2.0 URL
- Identity Provider Issuer URL
4) Upload your Public X.509 Certificate file
5) Click the Continue button.
Result: A confirmation message displays.
6) Review the confirmation message.
IMPORTANT: Before clicking the Proceed button if you, or another user, uses an email address, such as a personal account, that is not recognized by your company then you will lose access and no longer be able to login to Threat Stack after enabling SSO.
7) Click the Proceed and Enable Single Sign-On button.
Result: Success! You have enabled Single sign-on for your organization. A confirmation displays.
8) Click the Log Out button.
9) Log back into Threat Stack, you will be directed to authenticate through your organization’s IdP.
Congratulations, you have enabled SSO for your Threat Stack organization and authenticated your account. You will receive 2 follow up emails and your team will receive a notification of SSO enablement for your company.
NOTE: Users do not have to update their Threat Stack accounts until their current session ends. When their current session ends, the next time they sign in, Threat Stack directs them to authenticate using your organization’s IDP.
To disable this feature contact the support team.