Single Sign-On Security / Single Sign-On

StatusDashboard currently supports two distinct Single Sign-On (SSO) implementations:

SAML  There are two SAML implementations for StatusDashboard, one for user access to your dashboard and one for administrative access to the StatusDashboard administration console.  We have validated configurations for most major Identity Providers (IdP) including OneLogin, Okta and Ping Identity but we can also work with you on a custom implementation.  We currently support SP initiated SSO as well as IdP initiated SSO.
Google OAuth2 Utilize the Google OAuth2 login service (e.g. "Login with Google") for administrative access to the StatusDashboard administration console.


High level details and basic configuration parameters for SSO are provided below:

Dashboard Single Sign-On (SAML)

Dashboard SSO allows customers to protect their dashboard pages (e.g. status.acme.com) with SAML authentication.  Once configured, any access attempts to any dashboard page will be prompted for authentication credentials from the customer's configured identity provider (IdP).  Dashboard SSO may be used in combination with a dashboard IP whitelist to require SAML authentication in addition to source IP address verification before allowing access to the customer dashboard.

Basic configuration parameters for setting up a Dashboard SSO application on your IdP are shown below. This assumes a dashboard url of acme.statusdashboard.com - each customer would use their own dashboard url (either a subdomain of statusdashboard.com, or a domain alias).


Assertion Consumer Service https://acme.statusdashboard.com/acs
Audience (SP Entity ID) acme.statusdashboard.com
Name ID Format urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
Application Username Email address
Attribute Statement
fName User account's first name
lName User account's last name
Response Signature Signed
Assertion Signature Signed
Assertion Encryption Unencrypted
Single Logout Service 
(Optional)
https://acme.statusdashboard.com/sls
SP x509 Certificate


Administrative Single Sign-On (SAML)

Administrative SSO allows StatusDashboard administrative accounts to authenticate against the customer's configured identity provider (IdP) before being provided access to the StatusDashboard administration portal.  Once configured, all users will be required to sign-in to the StatusDashboard administration portal with their IdP credentials (unless the user account has been configured for SSO bypass).  Administrative SSO may be used in combination with an admin login whitelist to require SAML authentication in addition to source IP address verification before allowing access to the StatusDashboard administration portal.  With Administrative SSO, user accounts and permissions are still configured within the StatusDashboard administration portal, but all authentication is handled by the customer's IdP.  When creating StatusDashboard user accounts, the email address within StatusDashboard must match the email address within the customer's IdP.

Basic configuration parameters for setting up an Administrative SSO application on your IdP are shown below. This assumes a customer ID of 101 - each customer would use their own customer ID here (StatusDashboard technical support will provide this ID when setting up SSO).


Assertion Consumer Service https://www.statusdashboard.com/accounts/login/sso/acs/101/
Audience (SP Entity ID) www.statusdashboard.com/101/
Name ID Format urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
Application Username Email address
Attribute Statement
fName User account's first name
lName User account's last name
Response Signature Signed
Assertion Signature Signed
Assertion Encryption Unencrypted
Single Logout Service 
(Optional)
https://www.statusdashboard.com/accounts/login/sso/sls/101/
SP x509 Certificate

Administrative Single Sign-On (Google OAuth2)

Administrative SSO allows StatusDashboard administrative accounts to authenticate against the Google's OAuth2 login service before being provided access to the StatusDashboard administration portal.  The Google OAuth2 login service functions with Gmail accounts as well as Google Apps accounts.  Once enabled, all users will be required to sign-in to the StatusDashboard administration portal with their Google account credentials (unless the user account has been configured for SSO bypass).  With Administrative SSO, user accounts and permissions are still configured within the StatusDashboard administration portal, but all authentication is handled by Google's login service.  When creating StatusDashboard user accounts, the email address within StatusDashboard must match the email address within Google.


If you are interested in configuring SSO for your organization, please contact our customer support team for more details.  Once SSO has been configured, customers can manually enable/disable SAML authentication by navigating to Security > Single Sign-On


Required Permissions Role: Administrator or User Management