Skip to main content

About

SAML SSO is a paid offering. Contact your account team through the Customer Portal for more information.
MacStadium does not support IdP-initiated logins. After SSO is configured, all users must log in at portal.macstadium.com/sso using the ID provided by the MacStadium team.
You can also log in directly at portal.macstadium.com.

Overview

SAML SSO with Okta, allows customers to:
  • Enable users to be automatically signed in to MacStadium using their Okta accounts.
  • Manage users in one central location – Okta.

Getting Started

  1. Save the public signature key below (for example, save to macstadium-us-east-1_pusi8jHs1.pem)
-----BEGIN CERTIFICATE----- MIICvDCCAaSgAwIBAgIIdQAHcexaNC4wDQYJKoZIhvcNAQELBQAwHjEcMBoGA1UE AwwTdXMtZWFzdC0xX3B1c2k4akhzMTAeFw0yNDAxMTAxNDEzMThaFw0zNDAxMTAw MDI1MThaMB4xHDAaBgNVBAMME3VzLWVhc3QtMV9wdXNpOGpIczEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiLAh9YbRaJFwq6wODIsJixW9sCPVbO6MR wtSXEqDp1oRuJ//c7DVsytJd3koj1WRtF9+Hg1lvhx9Of+D0l5hjltB4mbeaQpOx cwgdxCepba2OuzxpU4APOCyU++NBfqe3Be+GIkWnbygsYFo5Dq26dFTSzYq/UNam YBTRgPh28k3yv82A2cH96wqwWGuLg52TUc56AGSCAwTCqN5VlwNaMzAuYqxHW2zo tmeLtC9T8q0vS+/UWq/EckR7jV/R4ziyEYB/PWgkZNUnOp0TCYtiuoYdHuqzoazW jhQjil9W0TsUq6k6Vo2ISz+r3XxlXXQMk6blmfJDU7JcMEkPZybhAgMBAAEwDQYJ KoZIhvcNAQELBQADggEBAJ8QzPsFgF/prkw2/qsgfAs0nKJY+zAaIqYSGZlYY4pq pObs0q2O8R3ecsS8e1cpahn4GdstPad69CqgyqPVf7EZm5ZMfUY9s5P7ufDJ3neh /YTp6KX1yHG8PJwJuCPSbB6OxcQirrxOKwsT2tPUMOziYHPQuickpJ7WlxEso3Xj QlcU+F4L8tjhxxF3/T7+fOlzZmivLcBPVx7z+21VoARhJvetoqCqzRccrOitHWye Bma/C6JOtvFq3JPWH0rgmAV6IGhvCSro4ANaToEmK7JYXiOD13DlA44P0l6gV7L8 p5EbQgF1F9eBQpfvL2E3Ml/+ZrXf5zBr5EjSLKvj/NE= -----END CERTIFICATE-----
  1. Open Okta admin.
  2. Navigate to Applications → Applications.
  3. Create a new App integration by clicking Create App Integration.
  4. Select SAML 2.0.
14c1dce-3.png
  1. Click Next.
  2. Enter app name (for example, MacStadium-SAML). b3f13f7-4.png
  3. Configure the SAML application.
  4. Sign-on URL: https://idp.macstadium.com/saml2/idpresponse
  5. Use this for Recipient URL and Destination URL: ✔︎ (make sure it’s checked)
  6. Audience URI (SP Identity ID): urn:amazon:cognito:sp:us-east-1_pusi8jHs1
  7. Click Show Advanced Settings.
  8. Upload the public certificate (macstadium-us-east-1_pusi8jHs1.pem) from Step 1.
  9. Single Logout.
  10. Allow application to initiate Single Logout - ✔︎ (make sure it is checked)
  11. Single Logout URL: https://idp.macstadium.com/saml2/logout
  12. SP Issuer: urn:amazon:cognito:sp:us-east-1_pusi8jHs1
  13. Attribute statements 728d080-5.png
  14. Click Finish to complete the setup.
  15. Provide the MacStadium support team the Metadata URL 812e3ba-7.png