Link your Identity Provider - Overview
Learn how to integrate your company's SAML provider to enable Corporate ID login access
Stax integrates with your Corporate ID using SAML. This allows you to bring your own identities and identity management controls to the Stax platform. Stax supports a few different SAML providers, but it should work with just about any SAML provider using the details below.
If you have one of the Identity Providers below, we have detailed instructions that can help you:
If you don't use one of the providers above, you'll need to work with your identity team and provide them the federation information detailed below.
Before You Begin
- You need to be a member of the Admin role in your Stax tenancy to complete this task
We generate your SAML URIs from a well-known format, so you can deduce what they'll be in advance. First, you'll need to determine your <customer-alias> and your <installation-id>.
Your <customer-alias> is the same as you enter at the Stax Console login page shown here. Below, it is mega-corp.
Your <installation-id> can be found by reviewing the URL of the login page after you enter your customer alias, as shown here. It's between your customer alias and staxapp.cloud in the URL. Below, it is au1.
If you're not sure how to get these, simply raise a case in the Stax Console and we'll help you out.
Once you've determined your <customer-alias> and <installation-id>, you can form the URIs required for SAML setup:
|SAML 2.0 Service URL||<entity-id>/broker/saml/endpoint||https://id.security.mega-corp.au1.staxapp.cloud/auth/realms/master/broker/saml/endpoint|
|NameID||Unique identifier for the user||Should generally be in the format of an email address. The NameID claim must contain the Format attribute with a value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent. See section 8.3 of Assertions and Protocols for SAML 2.0 for more information.|
|Email address of the user||Used for sending notifications and alerts to the user.|
|firstName||First name of the user||Used for display purposes within the application.|
|lastName||Last name of the user||Used for display purposes within the application.|
|JumaRole||Stax role: customer_admin,customer_user, customer_readonly||The level of access to be granted to the user upon sign-in|
See Stax Roles - Stax Permissions for more information on Stax roles.
Your SAML IdP may ask you for some more information that we've collated below.
- Token Signing Hash Algorithm: SHA-256
- Token Encrypting certificate: Not required
Configure Stax to Allow SAML Sign-In
When you're ready to have Stax configured, you will need to provide us with either your SAML metadata file, or with the ACS URL of your SAML IdP.
Once we've configured SAML on your Stax tenancy, we'll be in touch to let you know that it's ready to be tested.
How Do You Know This Worked?
Next time you navigate to your Stax Console login page, on the right hand side, you'll see a new Corporate ID button. Clicking this button will take you to your SAML sign-in page. Log in to the IdP and you'll be signed into your Stax tenancy.