Require SAML for Admin Logins

SSO for Admin Team Members allows Statuspage Team Members to access the dashboard using their existing SSO credentials within an identity provider (IdP) such as Okta, OneLogin, or Ping Identity. Statuspage officially supports several identity providers and can integrate with any IdP that speaks SAML 2.0. Below, we list out our supported partners and how to set up a custom SAML application outside of our supported partners.

Note: SSO for Team Members comes with all private pages and comes on Startup and higher plans for public pages.

Integrating With Officially Supported Identity Providers

  1. Setting up Okta for SSO Team Members
  2. Setting up OneLogin for SSO Team Members
  3. Setting up PingOne for SSO Team Members
  4. Setting up Bitium for SSO Team Members
  5. Setting up ADFS for SSO Team Members

Integrating With a Custom Identity Provider

The following tutorial will take you through creating a custom SAML application to integrate with StatusPage Admin Team Members. We'll be creating a custom application within Okta for demonstration purposes. Keep in mind that these steps may differ slightly depending on your IdP setup.

Start in your StatusPage Team Member Page

Please note that for this setup to be complete, you must first be an existing admin for your Statuspage account.

  1. Log into status page, and navigate to Team Members. Click on the Single Sign-on tab to access your SSO settings. If you do not see this tab, SSO has not been enabled for your account, you can contact us for help!

  2. Scroll down to Using SAML. On top of this form, you'll see two values; ACS URL / Consumer URL and EntityID/Audience URI. These values will be needed within your IdP. Alternately you can click on service provider metadata XML file for this Organization to see the raw SAML metadata.

  3. If you prefer to work with raw metadata, click service provider metadata XML file for this Organization.

Continue Setup Within Your Identity Provider
  1. Within your IdP, you'll first need to create a custom application. Here's what this looks like within Okta.

  2. Now you can begin setting up the custom application. The necessary fields within any IdP will typically be:

    • Name: 'Statuspage Team Member SSO'
    • Single Sign on URL: https://manage.statuspage.io/sso/saml/consume (https://manage.statuspage.io/sso/saml/consume)
    • Audience URI (Entity ID): This will be unique for your account, and come from the EntityID field in the XML file we provide.
    • You may also encounter fields asking for formatting such as email or username. For Okta, these are the fields. Feel free to get in touch if you have any questions with your particular setup.

      • Name ID Format: Select EmailAddress from the dropdown menu
      • Application Username: Select Okta username from the dropdown menu

  3. Once you've finished configuring your app with the appropriate XML information, you'll need to grab the certificate information generated by your IdP to paste into the Statuspage dashboard. To do this within Okta, you can click on View Setup Instructions within your newly created application, where a new tab will open with the application's sign on data.

  4. In the newly opened tab, you'll see the sign on data necessary for your application. Pay close attention to Identity Provider Single Sign-On URL and X.509 Certificate, as you'll need to enter these in the Manage Account section of your Statuspage.

Finish setup in the Status Page Admin
  1. To complete the setup, navigate back to your SSO Controls in your Statuspage admin portal. Click on Team Members, and then on Single Sign-on to access your SSO settings.

  2. Fill in the SSO Target URL field with the Identity Provider Single Sign-On URL value, provided by your IdP. Then, fill in Certificate with the corresponding value from the IdP. * Be sure to include the header and footer lines when pasting your X.509 Certificate!*

  3. Click Save Configuration, and your application is now configured to use Single Sign-on!

Assigning Users to your Application

Now that your custom application is configured, all you have to do is assign users to it so that you can access the app. Note that since you have just configured an admin account, only Team Members who have existing Statuspage accounts will be able to log into Statuspage.

  1. Return to your IdP admin portal, and navigate to the right place to provision users for an application.

  2. Within Okta, you will see a modal with all of your available users. To grant access, click Assign for a specific user, and Done when you're finished. This should be fairly similar for other IdP's as well.

Congratulations! You have just enabled Single Sign-on for your Statuspage account. You can still login through Statuspage, and also through your list of available apps within your IdP!