SSO Information

To get started with SSO, you’ll need to purchase the Business Package or higher. Learn more about our Stadium Packages here.

What is single sign-on?

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

How does SSO work?

SSO works based on a trust relationship between an application, known as the service provider, and an identity provider, like Okta, Azure, CyberArk, etc. This trust relationship is often based on a certificate exchanged between the identity provider and the service provider. This certificate can be used to sign identity information sent from the identity provider to the service provider so that the service provider knows it is coming from a trusted source. In SSO, this identity data takes the form of tokens that contain identifying bits of information about the user, like a user’s email address or a username.

SSO at Stadium

Stadium is SAML 2.0 enabled and has partnered with various Identity Providers to provide seamless login to our customers. We are listed for SSO support under common IdP marketplaces like Okta, Microsoft Azure, and CyberArk. However, if you don’t see your IdP, don’t worry, as long as it supports SAML 2.0 we should be able to provide SSO. Please get in touch with support at hi@bystadium.com with details and we’ll get back to you with instructions.

The Stadium SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just In Time) Provisioning
  • SP-Initiated Single Logout

How can you enable SSO for your organization?

Enabling SSO on Stadium is a straightforward process.

  1. Find our metadata on the following url: https://account.bystadium.com/saml/metadata
  2. Create a custom SSO app on your IDP provider (Okta, Azure,etc.) using the ACS url, EntityID, Certificate and Attributes as mentioned in the above metadata.
  3. Once app setup is done, please email hi@bystadium.com with the following details:

a. Single Sign-on URL
b. Single Logout URL (optional)
c. Entity ID
d. Certificate

4. Leave everything else on us to do.

After we receive the above details, we’ll create a corresponding configuration in our backend to enable SSO. This process typically takes 4-6 business days to configure and test.

Once SSO is enabled for your email domain, all the users using the same email domain will be redirected to your IDP immediately.

For any further queries, please contact us.