SSO FAQ & Troubleshooting Guide

Organization Owner

I set up Threat Stack and invited a user through my Identity Provider (IdP) and they can’t get in?

An IdP invitation does not replace the need for a Threat Stack invitation. You have to provision users in IdP and send them an invitation through Threat Stack.

Why did I lose access to organizations, in which I am a user, after I converted the organization I own to SSO?

For security reasons, Threat Stack does not allow users to authenticate into multiple organizations that have different authentication protocols.

If you are a user of multiple organizations that have different authentication protocols, and you convert the organization you own to SSO, Threat Stack removes you from the other organizations.

Why was a user revoked from my organization after I converted it to SSO?

For security reasons, Threat Stack removes a user from the SSO converted organization if that user belongs to a Threat Stack Organization in which the authentication protocol differs from that of the organization being converted.

Everyone

Why can't I send a user an invite to my Threat Stack organization?

For security reasons, Threat Stack will not send an invitation to users that have been identified as outside of your IdP.

When I enter my email, I am automatically logged in, but not as the user with the email I entered into the sign-in. Why does this happen?

Identity Providers cookie very aggressively. If you, or someone else, has logged in as a different user, and that user also exists in Threat Stack, your IdP automatically tells Threat Stack to log you in as the user associated with your current IdP session.

To fix this and login as yourself, you can:

  • Open a new incognito window
  • Clear your cookies at the IdP and Threat Stack

Identity Providers typically support mappings from a user in the Identity Provider to an email address for a user in the Service Provider (Threat Stack). Using custom mappings, an email address in the IdP can be mapped to a user with a different email address in Threat Stack.

We recommend that users use the same email address in your IdP as in Threat Stack.

We enabled SSO for Threat Stack, why am I getting redirected to log in through the basic Threat Stack log in page?

As part of the authentication process, Threat Stack uses cookies and you may still be cookied to through the OAuth authentication path.

We recommend that you:

  • Open a new incognito window
  • Clear your cookies at the IdP and Threat Stack

Why am I stuck at the Threat Stack login page?

Use case: I entered my email, was redirected to my IdP, and I logged in successfully. I was redirected to Threat Stack and now I'm stuck at the login page.

You may not have received an invitation to Threat Stack for your SSO email address. Have your Organization Owner send you a Threat Stack invitation so you can create a new account associated with you SSO email address..

If no one in your organization can access Threat Stack, this suggests that the SSO was misconfigured for your Threat Stack Account and you should contact our support team.

Why am I stuck in an infinite loop between my IdP and Threat Stack?

This suggests that the Threat Stack IdP application was misconfigured, particularly the ACS Redirect Url. Contact your identity provider admin to check IdP configurations.

I have multiple organizations. How do I convert them all to SSO?

At this time, converting multiple organizations to SSO requires help from a Threat Stack support team member.

I was added to my IdP but I can’t login?

Threat Stack compares users within our application to users authorized in the IdP. To access Threat Stack you must be listed in both places, or we block you from logging in.

If the email you use for Threat Stack does not match your email in your IdP, contact support.

I was added to Threat Stack but I can’t login?

Threat Stack compares users within our application to users authorized in the IdP. To access Threat Stack you must be listed in both places, or we block you from logging in.

Have more questions? Submit a request

0 Comments

Article is closed for comments.