SSO/SAML Integration

Your organizations within the StackHawk platform can be integrated with third-party Identity Providers (IdPs) to reduce manual user administration across platforms.

Preparing the IDP environment

SSO/SAML integration with the StackHawk Platform starts with provisioning StackHawk in the IdP and obtaining the associated XML Metadata document:

  1. Set up StackHawk as a Service Provider (SP) in the IdP with the following settings:
    1. StackHawk’s SAML endpoint URL is https://auth.stackhawk.com/saml/SSO
    2. StackHawk’s Audience URI / service provider identifier is com:stackhawk:kaakaww:sp
    3. Email should be the primary identifier
      • Example:
        • <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    4. First name and last name identifiers should also be present; their attribute names vary by identity provider
      • Examples:
        • Okta:
          • user.firstName
          • user.lastName
        • Duo:
          • firstName
          • lastName
  2. Generate a SAML Metadata document (XML) from the IdP and save that document for later provisioning by StackHawk support.

Notes:

  • In Azure environments, the Active Directory (AD) configuration behind the scenes likely uses samAccountId as the default identifier; for the StackHawk SP, this should be changed so that email is the primary identifier
  • Okta users: see the StackHawk entry on the Okta Integration Network
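As an added pre-flight check (not part of StackHawk's documentation or tooling), the following Python script parses a test SAML response captured from the IdP and reports which of the requirements above it fails: the Destination, the Audience, an email-format NameID, and the first/last name attributes. The attribute names follow the Okta and Duo examples above and are an assumption; adjust them to what your IdP actually emits. The sample response is constructed, not a real capture.

```python
# Added example, not StackHawk tooling: pre-flight check of a captured SAML
# response against the SP requirements on this page. Attribute names follow the
# page's Okta/Duo examples (an assumption; match what your IdP actually emits).
import xml.etree.ElementTree as ET  # prefer defusedxml in production (entity expansion/XXE)

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ACS_URL = "https://auth.stackhawk.com/saml/SSO"
SP_AUDIENCE = "com:stackhawk:kaakaww:sp"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
NAME_ATTRS = {"okta": ("user.firstName", "user.lastName"),
              "duo": ("firstName", "lastName")}

def check_response(xml_text, idp):
    """Return a list of problems found; an empty list means the response meets the checks."""
    problems = []
    root = ET.fromstring(xml_text)
    # Destination must be StackHawk's SAML (ACS) endpoint
    if root.get("Destination") != SP_ACS_URL:
        problems.append(f"Destination {root.get('Destination')!r} != {SP_ACS_URL}")
    # Audience must be StackHawk's SP identifier
    aud = root.find(".//saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != SP_AUDIENCE:
        problems.append(f"Audience must be {SP_AUDIENCE}")
    # Email must be the primary identifier (NameID in emailAddress format)
    nid = root.find(".//saml:Subject/saml:NameID", NS)
    if nid is None or nid.get("Format") != EMAIL_FORMAT or "@" not in (nid.text or ""):
        problems.append("NameID must use the emailAddress format and carry an email")
    # First and last name attributes must be present, named per the IdP
    present = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    for attr in NAME_ATTRS[idp]:
        if attr not in present:
            problems.append(f"missing attribute {attr}")
    return problems

# Constructed sample of an Okta-style response (not a real capture).
SAMPLE_OKTA = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  Destination="https://auth.stackhawk.com/saml/SSO">
  <saml:Assertion ID="_a1" Version="2.0"><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
  </saml:Subject><saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>com:stackhawk:kaakaww:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="user.firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user.lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE_OKTA, "okta") or "all checks passed")
```

Run it against a response captured with a browser SAML tracer before sending the metadata to support; an empty list means every check on this page passed.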

Provisioning the StackHawk Platform

Once the XML Metadata has been generated, contact StackHawk support at support@stackhawk.com for further assistance; support will provision the XML Metadata for the organizations in question.