Configuring SAML/SSO Integration

StatusDrift supports SAML 2.0 Single Sign-On (SSO), allowing your team to authenticate using your organization’s identity provider (IdP) such as Okta, Azure AD, OneLogin, Google Workspace, or others. This guide walks you through the complete setup process.

Prerequisites

Before configuring SAML SSO, ensure you have:

  • Administrator access to your StatusDrift organization
  • Administrator access to your Identity Provider (Okta, Azure AD, etc.)
  • A StatusDrift plan that includes SSO functionality

Step 1: Create a SAML Application in StatusDrift

Navigate to Account Settings and select the Organization tab. Scroll down to the SAML Single Sign-On section and click Add SAML Provider.

Enter the following information:

  • Alias: A unique URL-safe identifier (e.g., “okta”, “azure-ad”). This will be used in your SSO URLs.
  • Display Name: A friendly name shown to users on the login page (e.g., “Sign in with Okta”).

Click Create & Continue to proceed to the next step.

Step 2: Configure Your Identity Provider

After creating the SAML application, StatusDrift displays the Service Provider (SP) metadata that you need to configure in your IdP:

  • SP Entity ID (Audience URI): The unique identifier for StatusDrift as a service provider
  • Assertion Consumer Service (ACS) URL: Where your IdP sends SAML responses
  • Single Logout Service (SLS) URL: For federated logout support (optional)
  • SP Metadata URL: XML metadata for automatic configuration (optional)

Copy these values and configure them in your Identity Provider. For specific IdP instructions, see our provider-specific guides.

Step 3: Enter IdP Details in StatusDrift

After configuring your IdP, return to StatusDrift and enter the IdP configuration details:

Required Fields

  • IdP Entity ID: The unique identifier of your Identity Provider (also called Issuer)
  • IdP SSO URL: The Single Sign-On URL where users are redirected to authenticate
  • IdP X.509 Certificate: The public certificate from your IdP in PEM format

Optional Fields

  • IdP SLO URL: Single Logout URL for federated logout support
  • Name ID Format: Format of the NameID in SAML assertions (default: Email Address)
  • Group Attribute: SAML attribute containing group memberships for role mapping

Step 4: Configure SSO Behavior

StatusDrift offers several options to customize your SSO experience:

IdP-Initiated Login

When enabled, users can start the login flow directly from your Identity Provider’s application dashboard.

Just-In-Time (JIT) User Provisioning

When enabled, user accounts are automatically created on first SAML login. You can set a Default Role for JIT-provisioned users (when no group mapping applies).

Domain Enforcement

Optionally specify an email domain to enforce SAML authentication. Users with that email domain must use SSO to log in.

Step 5: Configure Group Mappings (Optional)

Group mappings allow you to automatically assign roles to users based on their IdP group memberships. This is useful for:

  • Automatically granting admin access to IT administrators
  • Restricting access to specific monitor groups based on team membership
  • Assigning communication permissions to on-call engineers

To configure group mappings:

  1. Click Manage Group Mappings on your SAML provider
  2. Click Add Mapping
  3. Enter the SAML group name exactly as it appears in your IdP
  4. Select the target type (Organization or Monitor Group)
  5. Choose the role to assign
  6. Set a priority if you have multiple mappings (lower numbers take precedence)

Advanced Security Options

For enhanced security, StatusDrift supports additional SAML security settings:

  • Require Signed Assertions: Verify that SAML assertions are signed by your IdP
  • Require Signed Messages: Verify that SAML response messages are signed
  • Sign Authentication Requests: Sign SAML requests sent to your IdP

You can also provide custom SP certificates for signing if your organization requires it.
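Before turning on either "require" option, it helps to confirm where your IdP actually places its signatures. The following is an added example, not StatusDrift code: it inspects a constructed sample response (the function names and sample values are assumptions) and reports which of the two options that response would satisfy.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: only the Assertion carries a Signature (contents elided).
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#_a1"/>
    </ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def _carries_own_signature(elem):
    # Only a direct-child Signature whose Reference URI names this element's
    # own ID counts; a Signature elsewhere in the tree covers something else.
    sig = elem.find("ds:Signature", NS)
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    elem_id = elem.get("ID")
    return ref is not None and bool(elem_id) and ref.get("URI") == "#" + elem_id

def signature_placement(response_xml):
    """Report where signatures sit. Structural inspection only: nothing
    here verifies a signature cryptographically."""
    root = ET.fromstring(response_xml)
    assertions = root.findall("saml:Assertion", NS)
    return {
        "message_signed": _carries_own_signature(root),
        "assertions_signed": bool(assertions)
        and all(_carries_own_signature(a) for a in assertions),
    }

def settings_idp_satisfies(placement):
    """Map the placement onto the two 'require' options listed above."""
    options = []
    if placement["assertions_signed"]:
        options.append("Require Signed Assertions")
    if placement["message_signed"]:
        options.append("Require Signed Messages")
    return options
```

Encrypted assertions are not inspected here; run it only on a response captured from your own IdP during testing.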

Organization-Wide Settings

In addition to SAML configuration, you can enforce security policies at the organization level:

  • Require Two-Factor Authentication: All organization members must have 2FA enabled
  • Restrict Members to SAML SSO: Users can only join via SAML SSO; manual invitations are disabled
  • Allowed Email Domains: Restrict collaborator invitations to specific email domains

Testing Your SSO Configuration

After completing the setup:

  1. Open a new incognito/private browser window
  2. Navigate to the StatusDrift login page
  3. Click Sign in with SSO
  4. Enter your organization’s SSO alias
  5. Authenticate with your Identity Provider
  6. Verify you are logged into StatusDrift with the correct permissions

Troubleshooting

If you encounter issues during SSO setup, check the following:

  • Certificate format: Ensure the X.509 certificate is in PEM format (starts with -----BEGIN CERTIFICATE-----)
  • URL accuracy: Verify all URLs are copied correctly without extra spaces
  • Clock synchronization: Ensure your IdP and StatusDrift servers have synchronized time
  • Attribute mappings: Check that required attributes (email, name) are being sent in the SAML assertion
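The certificate-format and clock checks above can be run before contacting support. This is an added example, not part of StatusDrift: the function names, the placeholder certificate bytes and the 120-second skew tolerance are all assumptions, and the certificate check covers form only, not whether the certificate is the right one.

```python
import base64
import re
from datetime import datetime, timedelta

# Constructed placeholder bytes with a DER SEQUENCE header; not a real certificate.
_FAKE_DER = b"\x30\x82\x01\x0a" + bytes(266)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(_FAKE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def check_pem_certificate(text):
    """Return problems found in a pasted IdP certificate (empty list = looks OK)."""
    problems = []
    body = text.strip()
    # Word processors and web pages often turn ASCII hyphens into dashes.
    if re.search("[\u2010-\u2015]", body):
        problems.append("typographic dashes present; markers need five ASCII hyphens")
    m = re.fullmatch(
        r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----",
        body, re.S)
    if not m:
        return problems + ["BEGIN/END CERTIFICATE marker lines missing or malformed"]
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:
        return problems + ["certificate body is not valid base64"]
    if not der.startswith(b"\x30"):
        problems.append("decoded body does not start with a DER SEQUENCE")
    return problems

def check_validity_window(not_before, not_on_or_after, now,
                          skew=timedelta(seconds=120)):
    """Compare the verifier's clock with an assertion's NotBefore/NotOnOrAfter."""
    def parse(ts):  # SAML timestamps are UTC and end in "Z"
        return datetime.fromisoformat(ts.replace("Z", "+00:00"))
    start, end, current = parse(not_before), parse(not_on_or_after), parse(now)
    if current + skew < start:
        return "not yet valid: verifier clock is behind the IdP"
    if current - skew >= end:
        return "expired: verifier clock is ahead, or the response arrived late"
    return "ok"
```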

For additional assistance, contact our support team at [email protected].
