Single Sign-On

Stairwell can integrate with any SAML 2.0 IdP.

There are two Single Sign-On (SSO) options for accessing Stairwell. The customer can provide their own Identity Provider (IdP), which Stairwell federates with, or Stairwell can use its own IdP to provision users to a group and, in turn, to the application.

Option 1: Bring your own IdP (Recommended)

The setup process varies depending on the IdP being used. It needs to be coordinated so that information can be exchanged in both directions. Information to exchange can include, but is not limited to:

  • SP Entity ID
  • ACS URL
  • Application Federation Metadata URL
  • Attribute Mapping (user.id, user.emailAddress, user.firstName, user.lastName)

PROS (+)

  • Better long term option
  • More control over access
  • Less reliance on Stairwell for access

CONS (-)

  • Longer setup
  • More points of failure

Role-Based Access Control (RBAC) isn't currently supported, so no group attribution/assertion should be provided. If you want to restrict access for specific users, please inform your CSM.
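
The attribute mapping and the no-group-assertion note above can be checked against a test assertion before go-live. The following is an added example, not Stairwell's code: it assumes the IdP emits the four mapped attributes under exactly those Name values, and the group-name hints and the sample assertion are constructed for illustration. It inspects attributes only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names from the mapping list above. Assumption: the IdP emits them
# under exactly these Name values; adjust if your mapping differs.
REQUIRED = ("user.id", "user.emailAddress", "user.firstName", "user.lastName")
# Assumption: name fragments that suggest a group/role claim.
GROUP_HINTS = ("group", "role", "memberof")

# Constructed sample assertion fragment (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="user.id"><saml:AttributeValue>00u1example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user.emailAddress"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user.firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user.lastName"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>sec-admins</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_attributes(assertion_xml):
    """Return (missing, empty, unexpected_group) attribute-name lists."""
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        # Keep only non-blank values so whitespace-only attributes count as empty.
        found[attr.get("Name", "")] = [v for v in values if v]
    missing = [n for n in REQUIRED if n not in found]
    empty = [n for n in REQUIRED if n in found and not found[n]]
    groups = [n for n in found if any(h in n.lower() for h in GROUP_HINTS)]
    return missing, empty, groups


if __name__ == "__main__":
    missing, empty, groups = check_attributes(SAMPLE)
    print("missing:", missing)
    print("empty:", empty)
    print("group attributes to remove:", groups)
```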

Option 2: Use Stairwell's IdP

The information needed for this option is simple:

  • Domain(s)
  • FirstName(s)
  • LastName(s)
  • EmailAddress(es)

PROS (+)

  • Easy setup for customer
  • Fewer points of failure for access

CONS (-)

  • More administration on Stairwell
  • Reliance on Stairwell for access management
  • Reliance on Stairwell for access audit logs

There may be additional costs to using Stairwell's IdP.