Single sign-on for private pages allows you to completely lock down your status page to employees/viewers only and have them authenticate with existing SSO credentials to both view the page and subscribe to notifications. Statuspage officially supports several identity providers and can integrate with any IdP that speaks SAML 2.0. Below, we list out our supported partners and how to set up a custom SAML application outside of our supported partners.

Note: Single sign-on for private pages comes with all private status pages. The number of SSO Employees is dependent upon your private page plan.

Supported identity providers setup documentation:

  1. Setting up Okta for SSO Employee Viewers
  2. Setting up OneLogin for SSO Employee Viewers
  3. Setting up PingOne for SSO Employee Viewers
  4. Setting up Bitium for SSO Employee Viewers
  5. Setting up ADFS for SSO Employee Viewers

Set up SAML for page viewers

Note: We do not officially support signed Assertions from ADFS.

The following tutorial will take you through creating a custom SAML application to integrate with Statuspage SSO for Employee Viewers. We'll be creating a custom application within Okta for demonstration purposes. Keep in mind that these steps may differ slightly depending on your IdP setup.

  1. Click Your page in the left sidebar.

  2. Click Authentication from the second menu that opens in the left sidebar.
  3. Click Configure next to SAML.

  4. Scroll down to Using SAML. On top of this form, you'll see two values; ACS URL / Consumer URL and EntityID/Audience URI. These values will be needed within your IdP.

    • Alternately, you can click on service provider metadata XML file for this Organization to see the raw SAML metadata.

     

On your ADFS Server
  1. Open your ADFS Management Console.

  2. Click Add Relying Party Trust in the Actions menu.

  3. Click Start when the wizard appears.

  4. Select the option to Import data about the relying party published online or on a local network on the Select Data Source screen.

  5. Enter the metadata link you copied from the Statuspage configuration screen.

  6. Click Next until you've completed the wizard.

Next, we'll set up some claim rules.

  1. On the Issue Transform Rules tab, click Add Rule.

  1. Select Send LDAP Attributes as Claims.

  2. Click Next. On Configure Claim Rule, we'll start to specify the attributes needed for successful auth into Statuspage. 

  3. Enter a name like Statuspage Attributes, and set the Attribute Store to Active Directory.

  4. In the LDAP Attrbute column, select Email Address, and then map that to an Outgoing Claim Type of Email Address.

  5. Click Finish.

    Next, we'll add a Transform Claim to set the NameID.
  6. Click Add Rule, and select Transform an Incoming Claim from the dropdown menu.

  7. Name the rule something like Name ID Transform, and set the fields in the modal to the following values (Note that this configuration must match for the integration to work!):

    • Incoming claim type: Email Address
    • Outgoing claim type: NameID
    • Outgoing nameID format: Email
    • Select Pass through all claim values

     

  8. Select Finish when you have filled in all of these values.

  9. When you have configured your two rules, your claim rules should look something like this:

You have enabled single sign-on for your Statuspage account.