Link your Identity Provider - Overview

Learn how to integrate your company's SAML provider to enable Corporate ID login access

Article Tags
On This Page
Provider-Specific DirectionsBefore You BeginService URIsClaimsOther StuffConfigure Stax to Allow SAML Sign-InHow Do You Know This Worked?See also

Stax integrates with your Corporate ID using SAML. This allows you to bring your own identities and identity management controls to the Stax platform. Stax supports a few different SAML providers, but it should work with just about any SAML provider using the details below.

Provider-Specific Directions

If you have one of the Identity Providers below, we have detailed instructions that can help you:

If you don't use one of the providers above, you'll need to work with your identity team and provide them the federation information detailed below.

Before You Begin

  • You need to be a member of the Admin role in your Stax tenancy to complete this task

Service URIs

We generate your SAML URIs from a well-known format, so you can deduce what they'll be in advance. First, you'll need to determine your <customer-alias> and your <installation-id>.

Your <customer-alias> is the same as you enter at the Stax Console login page shown here. Below, it is mega-corp.

Customer Alias

Your <installation-id> can be found by reviewing the URL of the login page after you enter your customer alias, as shown here. It's between your customer alias and staxapp.cloud in the URL. Below, it is au1.

Installation ID

If you're not sure how to get these, simply raise a case in the Stax Console and we'll help you out.

Once you've determined your <customer-alias> and <installation-id>, you can form the URIs required for SAML setup:

Claims

Claim TypeContentsRemarks
NameIDUnique identifier for the userShould generally be in the format of an email address. The NameID claim must contain the Format attribute with a value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent. See section 8.3 of Assertions and Protocols for SAML 2.0 for more information.
emailEmail address of the userUsed for sending notifications and alerts to the user.
firstNameFirst name of the userUsed for display purposes within the application.
lastNameLast name of the userUsed for display purposes within the application.
JumaRoleStax role: customer_admin,customer_user, customer_readonlyThe level of access to be granted to the user upon sign-in

See Stax Roles - Stax Permissions for more information on Stax roles.

Other Stuff

Your SAML IdP may ask you for some more information that we've collated below.

  • Token Signing Hash Algorithm: SHA-256
  • Token Encrypting certificate: Not required

Configure Stax to Allow SAML Sign-In

When you're ready to have Stax configured, you will need to provide us with either your SAML metadata file, or with the ACS URL of your SAML IdP.

Once we've configured SAML on your Stax tenancy, we'll be in touch to let you know that it's ready to be tested.

How Do You Know This Worked?

Next time you navigate to your Stax Console login page, on the right hand side, you'll see a new Corporate ID button. Clicking this button will take you to your SAML sign-in page. Log in to the IdP and you'll be signed into your Stax tenancy.

Choose Your Login Provider

See also