*Important note: First, check to see what account you are currently using to access Statuspage. You are either using an Atlassian account or a Statuspage account.

Click your avatar in the bottom left of your screen to access your user menu. Click Profile and look for the note You are using Statuspage with an Atlassian account. If you see this note, skip to the For Atlassian account users section of this document for instructions.

 

For Statuspage users without an Atlassian account

This first set of instructions is for users who are using a Statuspage account (therefore are not using an Atlassian account).

Single sign-on allows Statuspage team members to access the account using their existing single sign-on credentials within an identity provider (IdP) such as Okta, OneLogin, or Ping Identity. Statuspage officially supports several identity providers and can integrate with any IdP that speaks SAML 2.0. Below, we list out our supported partners and how to set up a custom SAML application outside of our supported partners.

Note: Single sign-on for team members comes with all private pages and Startup and higher plans for public pages.

Supported identity providers setup documentation:

  1. Setting up Okta for SSO Team Members

  2. Setting up OneLogin for SSO Team Members

  3. Setting up PingOne for SSO Team Members

  4. Setting up Bitium for SSO Team Members

  5. Setting up ADFS for SSO Team Members

Set up SAML for team member login

The following steps will take you through creating a custom SAML application to integrate with Statuspage team members. We'll be creating a custom application within Okta for demonstration purposes. Keep in mind that these steps may differ slightly depending on your IdP setup.

You must also invite the user to be a team member inside of Statuspage before they can sign in. We do not support "Just-in-time" provisioning of team member accounts.

  1. Click your user menu (avatar) in the bottom left of any Statuspage screen.

  2. Click User management.

  3. Click on the Single sign-on tab to access your SSO settings. If you do not see this tab, SSO has not been enabled for your account, you can contact us for help!

  4. Scroll down to Using SAML.

  5. Add the Statuspage application in your identity provider - On top of this section, you'll see two values; ACS URL / Consumer URL and EntityID/Audience URI. These values will be needed within your IdP.

    • Alternately you can click service provider metadata XML file for this Organization to see the raw SAML metadata.

 

6. Fill in the 'SSO Target URL' and 'Certificate' fields; these values are available in your ADFS Configuration.

  • SSO Target URL: This is the URL where Statuspage will be sending AuthRequests for SP-Initiated SAML.
  • Certificate: Your ADFS signing certificate. 
On your ADFS Server
  1. Open your ADFS Management Console

  2. Click Add Relying Party Trust in the Actions menu.

  3. Click Start when the wizard appears.

  4. Select the option to Import data about the relying party published online or on a local network on the Select Data Source screen.

  5. Enter the metadata link you copied from the Statuspage Configuration screen.

  6. Click Next until you've completed the wizard.

Next, we'll set up some claim rules.

  1. Click Add Rule... in the Issue Transform Rules tab.
  2. Select Send LDAP Attributes as Claims from the Claim rule template dropdown menu.
  3. Click Next.

On Configure Claim Rule, we'll start to specify the attributes needed for successful auth into Statuspage.

  1. Enter a name like "Statuspage Attributes".
  2. Set the Attribute Store to Active Directory.
  3. In the LDAP Attrbute column, select Email Address, then map that to an Outgoing Claim Type of Email Address.
  4. Click Finish.

Next, we'll need to add a Transform Claim to set the NameID.

  1. Click Add Rule.
  2. Select Transform an Incoming Claim from the dropdown menu.

3. Name the rule something like Name ID Transform, and set the fields in the modal to the following values (Note that this configuration must match for the integration to work!):

  • Incoming claim type: Email Address
  • Outgoing claim type: NameID
  • Outgoing nameID format: Email
  • Select Pass through all claim values

4. Select Finish when you have filled in all of these values.

When you have configured your two rules, your claim rules should look something like this:

And that's it! You've successfully configured ADFS to authenticate into Statuspage.io via SAML 2.0


For Atlassian account users

If you see the note You are using Statuspage with an Atlassian account when you click your avatar > Profile, follow the instructions in this section to set up SAML single sign-on for your organization.

 

With an Atlassian account, you can log in to any Atlassian products. See this documentation for more information about your Atlassian account.

Atlassian Access required

Setting up SAML with your identity provider requires you to set up Atlassian Access for your organization. Atlassian Access is a subscription that enables visibility and security across all Atlassian accounts and products at your company. You’ll have one place to manage your users and enforce security policies so your business can scale with confidence.

If SSO is included in your pricing plan, Statuspage users are not billable (free) for Access. You may need however to pay for Access if it is used across multiple Atlassian products.

1. Start in Statuspage

>>Note that during the time it takes to configure SAML single sign-on, users won't be able to log in to your Atlassian Cloud products. Consider scheduling a day and time for the changeover to SAML, and alerting your users in advance.

  1. Click your user menu (avatar) in the bottom left of any Statuspage screen.

  2. Click User management.

  3. Click on the Single sign-on tab to access your SSO settings. If you do not see this tab, SSO has not been enabled for your account, you can contact us for help!

    1. <Insert screenshot of page here>

  4. Click Manage next to SAML single sign-on. You will be taken to Atlassian administration.

  5. Go to Security > SAML single sign-on and click the Learn more button (pictured below).

6. Click Try it free for 30 days to begin your Atlassian Access trial and set up Atlassian Access for your organization.

2. Follow your identity provider’s instructions

If your identity provider is in the following table, then follow the link to their instructions for setting up SAML single sign-on.

 

Identity provider Set up instructions
AD FS Configure SAML single sign-on with Active Directory Federation Services (AD FS) 
Azure See: the Azure help page and the Atlassian cloud product
Google Cloud Set up SSO via SAML for Atlassian Cloud
Idaptive (formerly Centrify) Help page
Okta How to Configure SAML 2.0 for Atlassian Cloud
OneLogin See The OneLogin help page and The OneLogin app

Note: You'll need to be logged in to OneLogin to see those pages.

 

If you don't see your identity provider in the table, you can still set up SAML single sign-on with this documentation.