Troubleshoot Single Sign-On

Troubleshoot common issues with Single Sign-On to Stax.

Article Tags
On This Page
Validate The Claim AttributesLocating LogsLinking Existing UsersSee also

Stax integrates with your corporate identity using SAML. Some resolutions to common problems with SAML single sign-on are found below.

Validate The Claim Attributes

For Stax to be able to process the claim from an identity provider, the claim needs to have the following attributes:

  • email
  • firstName
  • lastName
  • Role

These attributes are case sensitive, and if attribute names are incorrectly formatted then federated login will fail. For specific information on setup for your identity provider, see Stax Single Sign-On.

Locating Logs

Once a single sign-on solution is linked with Stax, logs can be found in your Stax-managed security account.

These logs are available as a CloudWatch Log Group named /ecs/<stax-installation>/idam.

Linking Existing Users

Before configuring single sign-on, you may have created Stax Users that use the same email address as federated users. When these users first log in after SSO is configured, they'll be prompted to Add to your existing account. The user will receive a verification email containing a link to confirm their ownership of the email address.

Once the user has clicked this link, they can navigate back to the Stax Console and log in via the single sign-on provider.

See also