Troubleshoot Single Sign-On

Stax integrates with your corporate identity using SAML. Some resolutions to common problems with SAML single sign-on are found below.

Validate The Claim Attributes

For Stax to be able to process the claim from an identity provider, the claim needs to have the following attributes:

email
firstName
lastName
Role

These attributes are case sensitive, and if attribute names are incorrectly formatted then federated login will fail. For specific information on setup for your identity provider, see Single Sign-On.

Locating Logs

Once a single sign-on solution is linked with Stax, logs can be found in your security account.

These logs are available as a CloudWatch Log Group named /ecs/<stax-installation>/idam.

Linking Existing Users

Before configuring single sign-on, you may have created Stax Users that use the same email address as federated users. When these users first log in after SSO is configured, they'll be prompted to Add to your existing account. The user will receive a verification email containing a link to confirm their ownership of the email address.

Once the user has clicked this link, they can navigate back to the Stax Console and log in via the single sign-on provider.

note

At this time, Stax does not support IdP-initiated sign-ins. You must use SP-initiated sign-in to access Stax.

Validate The Claim Attributes​

Locating Logs​

Linking Existing Users​

IdP-Initiated Sign-In​

Validate The Claim Attributes

Locating Logs

Linking Existing Users

IdP-Initiated Sign-In