Working with Audience with a combination of SAML authentication

Dudi Glasswien April 7, 2024

Hi, 

I am trying to understand the process of working with Audience & SAML through this article:

https://support.atlassian.com/statuspage/docs/require-saml-for-audience-specific-pages/ 

Everything is clear except the registration process. When defining a new Audience Group, to add a new user, the process requires an account (an email is sent to the mailbox, and the user needs to define a username and password to register to the group).

I would like to avoid manual registration. Can I assume that once SAML is set and a user logs in to the status page, instead of having a StatusPage login, he will have an Okta login? After providing the credentials, the user will be redirected and automatically registered under the relevant StatusPage group that shows him the matched components state (which belongs to that group).

Thank you

1 answer

0 votes
Alan Violada
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2024

Hey Dudi, Alan from the Statuspage Support team here.

Once SAML is enabled, users and groups will be managed via the IDP configuration. When logging in via SSO, users will be assigned to the appropriate audience groups based on the "groups" attribute sent by the IDP.

One thing to keep in mind is that this will only work if the group name coming in from the IDP matches the "External Identifier" value configured for each group in the Statuspage configuration.

 

Regards,

Alan
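The matching rule described in the answer above can be checked offline against a captured assertion. This is an added example, not part of the thread and not Atlassian code: the assertion, group names and External Identifier mapping are constructed, and it assumes an exact, case-sensitive comparison, which the thread does not specify. It inspects attributes only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: unsigned assertion fragment such as an IdP might send.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>customer-acme</saml:AttributeValue>
      <saml:AttributeValue>Customer-Globex</saml:AttributeValue>
      <saml:AttributeValue>okta-everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed mapping: External Identifier -> audience group name.
EXTERNAL_IDS = {"customer-acme": "Acme", "customer-globex": "Globex"}


def groups_from_assertion(xml_text, attr_name="groups"):
    """Return the values of the named attribute, or [] if it is absent."""
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            values += [(v.text or "") for v in attr.iterfind("saml:AttributeValue", NS)]
    return values


def check_mapping(xml_text, external_ids):
    """Classify each IdP group as matched, near-miss (case/space), or unmapped."""
    folded = {k.strip().lower(): k for k in external_ids}
    report = {"matched": {}, "near_miss": {}, "unmapped": []}
    for g in groups_from_assertion(xml_text):
        if g in external_ids:  # assumption: exact string match is required
            report["matched"][g] = external_ids[g]
        elif g.strip().lower() in folded:
            report["near_miss"][g] = folded[g.strip().lower()]
        else:
            report["unmapped"].append(g)
    return report


if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, EXTERNAL_IDS))
```

A non-empty `near_miss` entry points at a group that differs from a configured External Identifier only by case or surrounding whitespace, and an empty result overall usually means the IdP is not sending a "groups" attribute at all.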

Dudi Glasswien April 16, 2024

Thanks, Alan, for the response! 

To make sure it is clear to me, under the "Audience" tab, the user won't be shown until he logs in and subscribes (the group he will be joining is defined by the External Identifier that is provided by the IDP (Okta in our case)).

 

Another question:

If we are also supporting an external IDPS (Federated Identity), does that mean we need to force our customer's IDPS to provide this "External Identifier" for this solution to work?

 

Thanks again, Alan

Chris DeGidio
Atlassian Team
April 16, 2024

@Dudi Glasswien hi there,

Yes, the group's identifier must be sent within the Attributes during the SAML assertion. This is a requirement for using SSO with audience-specific page types.

 

Dudi Glasswien April 24, 2024

Hi Chris, by the document instructions to integrate StatusPage with IdP and XAML -

(https://support.atlassian.com/statuspage/docs/require-saml-for-audience-specific-pages/) 

It is to approach support and request that the "authentication" tab under the audience plan be opened (currently, it is hidden).

I did that last week (CA-2927455), but no one was answering me.

Can you please assist on that?

 

Regards

David Glaswien | Varonis.com

Alan Violada
Atlassian Team
April 24, 2024

Hey David,

Let me check with the team responsible for that ticket, I will ask for an update and you should get a response directly in the ticket.

 

Regards,

Alan

DEPLOYMENT TYPE
CLOUD