Skip to main content

Enforce Single Sign-On for New Users

  • Updated

Users can log in to Stax either as a local user (with credentials stored in the Stax Identity Service), or using Single Sign-On (SSO). By default, when SSO is enabled, local users are still able to be invited by administrators. This is helpful when inviting users who are unable to utilize your corporate Identity Provider (IdP). In some cases, however, it is desirable to disable this functionality and require that all users authenticate to Stax using SSO.

Enforcing SSO for new users will not impact the ability for existing local users. This is by design to allow for use of a "Break Glass" local account that will function in the event of your corporate IdP being unavailable.
At this time, Stax does not support IdP-initiated sign-ins. You must use SP-initiated sign-in to access Stax.

Before You Begin

  • Estimated time to complete: 20 minutes
  • Ensure you are a member of the Admin role in Stax

Create a "Break Glass" Account

Consider creating a "Break Glass" account for use in an emergency. This account will continue to function once SSO is enforced for new users, and provides emergency access to Stax in the event that your Single Sign-On provider is unavailable.

  1. Create a user with appropriate privileges
  2. Optionally, configure Multi-Factor Authentication for the user to secure it

Enforce Single Sign-On for New Users

This configuration must be changed by Stax on your behalf. Raise a support case to request the change be implemented.

Remove Enforcement of Single Sign-On for New Users

To revert this configuration, raise a support case requesting the configuration be disabled.

Was this article helpful?
0 out of 0 found this helpful

Related articles