Require SAML for private pages

Single sign-on for private pages allows you to completely lock down your status page to employees only and have them authenticate with existing SSO credentials to both view the page and subscribe to notifications. Statuspage officially supports several identity providers and can integrate with any IdP that speaks SAML 2.0.

Note: Single sign-on for private pages comes with all private status pages. The number of SSO viewers is dependent upon your private page plan.

Set up SAML for page viewers

The following tutorial will take you through creating a custom SAML application to integrate with Statuspage SSO for Employee Viewers. We'll be creating a custom application within Okta for demonstration purposes. Keep in mind that these steps may differ slightly depending on your IdP setup.

  1. Click Your page in the left sidebar.

  2. Click Authentication from the second menu that opens in the left sidebar.

  3. Click Configure next to SAML.

  4. On top of this form, you'll see two values; ACS URL / Consumer URL and EntityID/Audience URL, These values will be needed within your IdP.

    • Alternately, you can click on service provider metadata XML file for this Organization to see the raw SAML metadata.

screenshot of SAML metadata
screenshot of authentication

Continue setup within your identity provider

  1. Create a custom application within your IdP.

  2. Enter the necessary information into the fields of the custom application. The necessary fields within any IdP will typically be:

    • Name: 'Statuspage Employee Viewership'

    • Single Sign on URL: https://manage.statuspage.io/sso/saml/consume (https://manage.statuspage.io/sso/saml/consume)

    • Audience URI (Entity ID): This will be unique for your account, and come from the EntityID field in the XML file we provide. Be sure to input the entire Entity ID URL, including the https://.

    • You may also encounter fields asking for formatting such as email or username. For Okta, these are the fields. Feel free to get in touch if you have any questions with your particular setup.

      • Name ID Format: Select EmailAddress from the dropdown menu

      • Application Username: Select Okta username from the dropdown menu

  3. Get the certificate information generated by your IdP to paste into Statuspage.

    • To do this within Okta, click View Setup Instructions within your newly created application, where a new tab will open with the application's sign on data.

  4. In the newly opened tab, you'll see the sign on data necessary for your application.

Finish setup in the Statuspage management interface

  1. Navigate back to your single sign-on controls in your Statuspage management interface: User menu (avatar) > User management > Single sign-on tab.

  2. Fill in the SSO Target URL field with the Identity Provider Single Sign-On URL value, provided by your IdP.

  3. Fill in Certificate with the corresponding value from the IdP. * Be sure to include the header and footer lines when pasting your X.509 Certificate!*

  4. Click Save Configuration, and your application is now configured to use single sign-on!

Assigning users to your Application

Now that your custom application is configured, all you have to do is assign users to it so that you can access the app. Note that since you have just configured an admin account, only Team Members who have existing Statuspage accounts will be able to log into Statuspage.

5. Return to your IdP admin portal, and navigate to the right place to provision users for an application.

6. Within Okta, you will see a modal with all of your available users. To grant access, click Assign for a specific user, and Done when you're finished. This should be fairly similar for other IdP's as well.

screenshot of user management modal
Assigning users to your Application

You have enabled single sign-on for your Statuspage account. You can still login through Statuspage, and also through your list of available apps within your IdP.

Additional Help