SAML-based single sign-on (SSO) gives your team members access to Threat Stack through an identity provider (IDP) of your choice.
A list of the identity providers that we’ve partnered with can be found in the How To Configure SSO article.
Configuring SAML SSO in OneLogin
In the OneLogin application, log in and begin following the instruction set:
1. From the Home page, click Apps tab and then click the Add Apps menu option.
2. Using the Search field, search for “Threat Stack”.
3. Select the Threat Stack version that supports SAML2.0.
4. On the Configuration tab, click the Save button to add the app to your Company Apps and display additional configuration tabs.
5. On the Configuration page, open the SSO tab.
6. On the SSO tab, download the X.509 Certificate (Public Certificate file). To download the certificate:
- Click the View Details link, the SAML Cert page displays.
- Click the Download button.
7. Navigate back to the SSO tab by clicking the <-SAML Cert link.
8. Copy the two SAML values that you need to provide to Threat Stack:
- Issuer URL - the Identity Provider SAML 2.0 URL in Threat Stack
- SAML 2.0 Endpoint (HTTP) - the Identity Provider Issuer URL in Threat Stack
Next you need to access your Threat Stack application, paste the URLs into the Authentication tab, and upload the Public Certificate.
Enter SSO Information in Threat Stack
Navigate to the Settings page and open the Authentication tab.
1. Paste the two SAML values that you copied from OneLogin:
- Identity Provider SAML 2.0 URL
- Identity Provider Issuer URL
2. Upload the X.509 Certificate in the Upload your Public Certificate file section.
3. Click the Continue button, a confirmation message displays.
4. Review the confirmation message and click the Proceed and Enable Single Sign-On button.
IMPORTANT: Before clicking the Proceed button if you, or another user, uses an email address, such as a personal account, that is not recognized by your company then you will lose access and no longer be able to login to Threat Stack after enabling SSO.
Success! You have enabled Single sign-on for your organization.
5. Click the Log Out button.
6. Log back into Threat Stack, you will be directed to authenticate through your organization’s IdP.
Congratulations, you have enabled SSO for your Threat Stack organization and authenticated your account. You will receive 2 follow up emails and your team will receive a notification of SSO enablement for your company.
NOTE: You, and other members of your organization, do not have to update your Threat Stack accounts until your current session ends. When the current session ends, the next time you sign in, Threat Stack directs you to authenticate using your organization’s IDP.