Enabling Single Sign-On in Threat Stack
This process walks you through configuring, verifying, and enabling SSO for Threat Stack using SAML 2.0 Authentication.
Threat Stack has a oneLogin SAML app. Use this OneLogin specifc configuration guide for setting up SSO with OneLogin
IMPORTANT: If you use a personal email account, that is not recognized by your company, you will lose access and no longer be able to login to Threat Stack after enabling SSO.
Configuring your Identity Provider
A part of enabling SSO in Threat Stack involves configuring the identity provider (IdP) and Threat Stack to connect with each other properly.
REMINDER: You must be your IdP admin to configure your identity provider.
IMPORTANT: If your organization has more than one Threat Stack organization, contact support to enable SSO.
You need to Configure IdP to recognize Threat Stack using the following necessary configuration parameters:
- SSO Assertion Consumer Service URL (ACS URL): https://app.threatstack.com/sso/saml/callback
- Audience URI (SP Entity ID): https://app.threatstack.com
- ACS (Consumer) URL Validator - OneLogin Specific:^https:\/\/app\.threatstack\.com\/sso\/saml\/callback$
- Name ID format: Email address
- Username: Email address
Sample IdP configuration setup guides:
Configuring Threat Stack
In the Threat Stack application, log in and begin following the instruction set.
NOTE: You must be an organization owner to implement SSO for your organization.
1) Navigate to the Settings page and open the Authentication tab to display the SSO form.
2) After you configure your IdP to recognize Threat Stack, paste the values into the SSO form fields:
- Identity Provider SAML 2.0 URL (Single Sign-On URL)
- Identity Provider Issuer URL (Entity ID)
3) Upload your Public X.509 Certificate file
4) Click the Continue button, a confirmation message displays.
5) Review the confirmation message and click the Proceed and Enable Single Sign-On button.
IMPORTANT: Before clicking the Proceed button if you, or another user, uses an email address, such as a personal account, that is not recognized by your company then you will lose access and no longer be able to login to Threat Stack after enabling SSO.
6) Success! You have enabled Single sign-on for your organization. Click the Log Out button.
7) Log back into Threat Stack, you will be directed to authenticate through your organization’s IdP.
Congratulations, you have enabled SSO for your Threat Stack organization and authenticated your account. You will receive 2 follow up emails and your team will receive a notification of SSO enablement for your company.
NOTE: Users do not have to update their Threat Stack accounts until their current session ends. When their current session ends, the next time they sign in, Threat Stack directs them to authenticate using your organization’s IDP.
To disable this feature contact the support team.