Single sign-on for audience-specific pages needs to be enabled by support. Contact support to get this feature turned on for your page. SSO for audience-specific pages does not allow the use of custom domains.

SSO for audience-specific pages allows you to completely lock down your status page to employees only and have them authenticate with existing SSO credentials to both view the page and subscribe to notifications. Statuspage officially supports several identity providers and can integrate with any IdP that speaks SAML 2.0. Below, we list our supported partners and explain how to set up a custom SAML application for an IdP outside of that list.

Note: SSO for audience-specific pages comes with all private status pages. The number of SSO Employees is dependent upon your private page plan.

Supported identity providers setup documentation:

  1. Setting up Okta for SSO Employee Viewers
  2. Setting up OneLogin for SSO Employee Viewers
  3. Setting up PingOne for SSO Employee Viewers
  4. Setting up Bitium for SSO Employee Viewers
  5. Setting up ADFS for SSO Employee Viewers

Set up SAML for page viewers

Note: We do not officially support signed Assertions from ADFS.

The following tutorial will take you through creating a custom SAML application to integrate with Statuspage SSO for Employee Viewers. We'll be creating a custom application within Okta for demonstration purposes. Keep in mind that these steps may differ slightly depending on your IdP setup.

  1. Click your user menu (avatar) in the bottom left of any Statuspage screen.

  2. Click User management.

  3. Click on the Single sign-on tab to access your SSO settings. If you do not see this tab, SSO has not been enabled for your account. You can contact us for help!

  4. Scroll down to Using SAML. At the top of this form, you'll see two values: ACS URL / Consumer URL and EntityID / Audience URI. You will need to enter these values in your IdP.

    • Alternately, you can click on service provider metadata XML file for this Organization to see the raw SAML metadata.

     

Audience-specific setup in Okta

You’ll need to configure your SAML assertion to map to an Audience-specific group. This requires configuration both in Statuspage and in Okta.

When configuring SAML for an audience-specific page, you’ll notice that the Statuspage metadata requires two additional Attributes, one of which is called ‘groups’. When your Statuspage parses an incoming SAML Assertion, it parses out this value to determine what audience-specific group to match against for the incoming user. Configure your SAML assertion to send an Attribute called ‘groups’, which will either contain a group name or other unique identifier.

  1. Navigate to your Okta admin portal and open the Statuspage.io application.

  2. Select the Sign on tab.

  3. Click Edit.

  4. Select Regex in the groups dropdown and add ".*" to the text field next to it. The Regex setting filters which groups are sent; ".*" matches every group name, so your Okta application will pass the user's groups in the groups attribute.

  5. Click Save.

  6. Click on the Directory link.

  7. Select Profile Editor.

  8. Select or search for your Statuspage application and click the Edit Profile button.

  9. Click the +Add Attribute button.

  10. In the Display Name and Variable Name fields, enter the word "Groups".

  11. Check the Attribute Required checkbox.

  12. Click Save.

Audience-specific setup in Statuspage

  1. Log in to your Statuspage management portal and select the Audience section. Make sure you are on the Groups tab and click the +Add Group button.

  2. Add a Group Name and the External Identifier from Okta. The External Identifier used here is the Group Name from Okta.

    • The Group Name within Statuspage can be anything, but the External Identifier needs to be the same as the corresponding Group Name within Okta.

  3. Open an Incognito/private browser window (this will ensure cached settings are not used) and navigate to your Statuspage. This will bring up the Okta login window.

  4. Log in with the credentials of a user that belongs to the Group that was just created in Statuspage. If the setup and configuration are correct, the user will be logged in.

You've enabled single sign-on for your audience-specific Statuspage account.

Troubleshooting

The most common issue encountered when setting up SSO for audience-specific pages is an error screen displayed when a user attempts to log in.

This means that the user is not associated with an audience-specific group that is authorized to view your Statuspage. To resolve this, ensure that the user is part of a Group in Okta that has also been set up in Statuspage.
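To narrow down this mismatch, the following added example (not Statuspage or Okta code) reads a decoded SAML assertion, extracts the values of the 'groups' Attribute, and compares them with the External Identifiers configured in Statuspage. The sample assertion, group names and function names are constructed for illustration, and the exact, case-sensitive comparison is an assumption based on the requirement that the External Identifier be the same as the Okta Group Name.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ATTRIBUTE_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"

# Constructed sample assertion (not captured traffic); signature and conditions omitted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Engineering</saml:AttributeValue>
      <saml:AttributeValue>Everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def group_values(assertion_xml, attr_name="groups"):
    """Return the values of the named Attribute, or None if it is absent."""
    # Diagnostic only: the signature is not verified, so run this on
    # assertions from your own test logins, never to make access decisions.
    root = ET.fromstring(assertion_xml)
    for attr in root.iter(ATTRIBUTE_TAG):
        if attr.get("Name") == attr_name:  # the Attribute name is compared exactly
            values = attr.findall("saml:AttributeValue", SAML_NS)
            return [(v.text or "").strip() for v in values]
    return None

def diagnose(assertion_xml, external_ids):
    """Report whether any sent group equals a configured External Identifier."""
    values = group_values(assertion_xml)
    if values is None:
        return {"status": "no_groups_attribute", "matched": [], "near_miss": []}
    matched = [v for v in values if v in external_ids]
    # Near misses: same name apart from letter case, a common setup slip.
    folded = {e.casefold(): e for e in external_ids}
    near = [(v, folded[v.casefold()]) for v in values
            if v not in external_ids and v.casefold() in folded]
    status = "match" if matched else ("case_mismatch" if near else "no_matching_group")
    return {"status": status, "matched": matched, "near_miss": near}

if __name__ == "__main__":
    print(diagnose(SAMPLE_ASSERTION, {"Engineering"}))  # group is configured
    print(diagnose(SAMPLE_ASSERTION, {"engineering"}))  # differs only by case
```
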

If you experience issues with the setup of Okta SSO for your audience-specific environment, please contact us.