Single Sign-On
Stairwell can integrate with any SAML 2.0 IdP
There are two (2) Single Sign-On (SSO) options for getting access to Stairwell. Customers can provide their own Identity Provider (IdP) that we federate with, or Stairwell can use its own IdP to provision users to a group and, in turn, the application.
Option 1: Bring your own IdP (Recommended)
Depending on the IdP being used, the setup process will vary. This process will need to be coordinated so that information can be exchanged bi-directionally. General information to exchange can include but is not limited to:
- SP Entity ID
- ACS URL
- Application Federation Metadata URL
- Attribute Mapping (user.id, user.emailAddress, user.firstName, user.lastName)
PROS (+) | CONS (-) |
---|---|
Better long term option | Longer setup |
More control over access | More points of failure |
Less reliance on Stairwell for access | |
Role-Based Access Control (RBAC) isn't currently supported, so no group attribute or assertion should be provided. If there is a desire to restrict access for specific users, please inform your CSM.
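Before go-live, a decoded test assertion from your IdP can be checked against the values exchanged above and against the no-group-attribute rule. The following is an added example, not Stairwell code: the entity ID, ACS URL and attribute values are constructed placeholders, and treating the four mapping names as the `Name` values carried in the assertion is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Mapping names from the list above; using them as the assertion's
# Attribute Name values is an assumption of this example.
REQUIRED = {"user.id", "user.emailAddress", "user.firstName", "user.lastName"}

# Constructed test assertion (placeholder URLs; lastName omitted, groups added).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.com/entity</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="user.id"><saml:AttributeValue>1001</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="user.emailAddress"><saml:AttributeValue>a@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="user.firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="groups"><saml:AttributeValue>admins</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def preflight(assertion_xml, sp_entity_id, acs_url):
    """List configuration findings for one test assertion you generated yourself.

    Checks shape only; it does not verify the signature or validity window."""
    root = ET.fromstring(assertion_xml)
    findings = []
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if sp_entity_id not in audiences:
        findings.append(f"audience does not include SP Entity ID {sp_entity_id}")
    recipients = {e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if acs_url not in recipients:
        findings.append(f"no Recipient equals ACS URL {acs_url}")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS) if a.get("Name")}
    findings += [f"missing attribute: {n}" for n in sorted(REQUIRED - names)]
    # Anything beyond the four mapped attributes (e.g. groups) should not be sent.
    findings += [f"unexpected attribute (remove from IdP mapping): {n}" for n in sorted(names - REQUIRED)]
    return findings


if __name__ == "__main__":
    for finding in preflight(SAMPLE, "https://sp.example.com/entity", "https://sp.example.com/acs"):
        print(finding)
```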
Option 2: Use Stairwell's IdP
Information needed for this option is simple.
- Domain(s)
- FirstName(s)
- LastName(s)
- EmailAddress(es)
PROS (+) | CONS (-) |
---|---|
Easy setup for customer | More administration on Stairwell |
Fewer points of failure for access | Reliance on Stairwell for access management |
 | Reliance on Stairwell for access audit logs |
There may be additional costs to using Stairwell's IdP.