Enforce Single Sign-On for New Users
Users can log in to Stax either as a local user (with credentials stored in the Stax Identity Service), or using Single Sign-On (SSO). By default, when SSO is enabled, local users are still able to be invited by administrators. This is helpful when inviting users who are unable to utilize your corporate Identity Provider (IdP). In some cases, however, it is desirable to disable this functionality and require that all users authenticate to Stax using SSO.
Enforcing SSO for new users will not impact the ability for existing local users. This is by design to allow for use of a "Break Glass" local account that will function in the event of your corporate IdP being unavailable.
At this time, Stax does not support IdP-initiated sign-ins. You must use SP-initiated sign-in to access Stax.
Before You Begin
- Estimated time to complete: 20 minutes
- Ensure you are a member of the Admin role in Stax
Create a "Break Glass" Account
Consider creating a "Break Glass" account for use in an emergency. This account will continue to function once SSO is enforced for new users, and provides emergency access to Stax in the event that your Single Sign-On provider is unavailable.
- Create a user with appropriate privileges
- Optionally, configure Multi-Factor Authentication for the user to secure it
Enforce Single Sign-On for New Users
This configuration must be changed by Stax on your behalf. Raise a support case to request the change be implemented.
Remove Enforcement of Single Sign-On for New Users
To revert this configuration, raise a support case requesting the configuration be disabled.