The following guide will walk you through SSO Setup between and ADFS System, and access into Statuspage's Manage portal via SAML 2.0.
Note: We do not officially support signed Assertions from ADFS.
Start in your Statuspage Team Member Page
Please note that for this setup to be complete, you must first be an existing admin for your Statuspage account.
Log into status page, and navigate to Team Members. Click on the Single Sign-on tab to access your SSO settings. If you do not see this tab, SSO has not been enabled for your account, you can contact us for help!
On top of this form, you'll find a link to service provider Metadata XML file for this Organization. Grab this link, as you'll need it for further configuration in your ADFS Server.
Fill in the 'SSO Target URL' and 'Certificate' fields; these values should be available in your ADFS Configuration.
SSO Target URL: This is the URL where Statuspage will be sending AuthRequests for SP-Initiated SAML
Certificate: Your ADFS signing certificate.
On your ADFS Server
Open your ADFS Management Console, and click Add Relying Party Trust in the Actions menu. When the wizard appears, click Start
On the Select Data Source screen, select the option to Import data about the relying party published online or on a local network, and enter the metadata link we gave you on the Statuspage Configuration screen. Once you've added it, click Next
- This should be all of the information you need, so keep clicking Next until you've completed the wizard.
Next, we'll set up some claim rules. On the Issue Transform Rules tab, click on Add Rule...
On Choose Rule Type, select Send LDAP Attributes as Claims, and click Next
On Configure Claim Rule, we'll start to specify the attributes needed for successful auth into Statuspage. First, enter a name like Statuspage Attributes, and set the Attribute Store to Active Directory. In the LDAP Attrbute column, select Email Address, and then map that to and Outgoing Claim Type of Email Address. Then, click Finish.
Next, we'll need to add a Transform Claim to set the NameID. Click on Add Rule, and select Transform an Incoming Claim from the dropdown menu.
First, name the rule something like Name ID Transform, and set the fields in the modal to the following values (Note that this configuration must match for the integration to work!):
- Incoming claim type: Email Address
- Outgoing claim type: NameID
- Outgoing nameID format: Email
- Select Pass through all claim values
Then, select Finish when you have filled in all of these values.
When you have configured your two rules, your claim rules should look something like this:
And that's it! You've successfully configured ADFS to authenticate into Statuspage.io via SAML 2.0