Troubleshoot Single Sign-On
Stax integrates with your corporate identity using SAML. Resolutions to common problems with SAML single sign-on are listed below.
Validate The Claim Attributes
For Stax to be able to process the claim from an identity provider, the claim needs to have the following attributes:
- firstName
- lastName
- Role
These attribute names are case sensitive. If an attribute name is incorrectly formatted, federated login will fail. For specific information on setup for your identity provider, see Single Sign-On.
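One way to check a captured SAML assertion for these attribute names before retrying a login. This is an added example, not Stax code: the function name check_claim_attributes and the sample assertion are constructed for illustration, and the check covers attribute names only, not signatures or values.

```python
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
REQUIRED = ("firstName", "lastName", "Role")  # exact, case-sensitive names

# Constructed sample: lastName is sent with the wrong case and Role is absent.
SAMPLE_ASSERTION = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName">
        <saml:AttributeValue>Alex</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="LastName">
        <saml:AttributeValue>Example</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>admin</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_claim_attributes(assertion_xml):
    """Return {required_name: problem}; an empty dict means all names match."""
    # Diagnostic use on an assertion you captured yourself; no signature check.
    root = ET.fromstring(assertion_xml)
    sent = [a.get("Name", "") for a in root.iter("{%s}Attribute" % SAML_ASSERTION_NS)]
    by_lower = {name.lower(): name for name in sent}
    problems = {}
    for name in REQUIRED:
        if name in sent:
            continue  # exact match, including case
        if name.lower() in by_lower:
            problems[name] = "wrong case: sent as %r" % by_lower[name.lower()]
        else:
            problems[name] = "missing"
    return problems


if __name__ == "__main__":
    for name, problem in check_claim_attributes(SAMPLE_ASSERTION).items():
        print("%s: %s" % (name, problem))
```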
Locating Logs
Once a single sign-on solution is linked with Stax, logs can be found in your security account.
These logs are available as a CloudWatch Log Group named /ecs/<stax-installation>/idam.
Linking Existing Users
Before configuring single sign-on, you may have created Stax Users that use the same email address as federated users. When these users first log in after SSO is configured, they'll be prompted to "Add to your existing account". The user will receive a verification email containing a link to confirm their ownership of the email address.
Once the user has clicked this link, they can navigate back to the Stax Console and log in via the single sign-on provider.
IdP-Initiated Sign-In
At this time, Stax does not support IdP-initiated sign-ins. You must use SP-initiated sign-in to access Stax.