This option allows customers to use an existing secure password instead of creating a brand new one for the platform. This is ideal for business with strict security policies as it:
- allows businesses to enforce their password standard because you can only enter it through their system;
- allows businesses to revoke access to any system at any time by changing or disabling the password;
- allows for better control over password reset;
- Stops staff from sharing their accounts.
Generate the ADFS Metadata
In order for Stackla to enable Single Sign On, Stackla needs to be provided with the Active Directory Federation Services (ADFS) Metadata file (federationmetadata.xml) that has been setup for their respective Identity Provider (IdP). You will also need to provide Stackla with the rules to determine which users will be forced to authenticate via the IdP. The available rules for the client are:
- To specify a specific domain or domains where all users who have an email address associated with that domain to be forced to authenticate via the IdP
- To specify specific users (based upon email address) to be forced to authenticate via the IdP
Please provide this file to your Customer Success Account Manager so they can configure access for the relevant users.
ADFS Relying Party Configuration
Once Stackla has received the Active Directory Federation Services (ADFS) Metadata file, it will create the IdP configuration within Stackla and apply these rules to the specified user(s) based upon the rules specified by the client.
Once this process has been completed, Stackla will provide back to the client an SP Metadata file (spmetadata.xml) which can be used to configure the Relying Party within ADFS.
The XML file will contain the following details from Stackla:
- Entity Descriptor
- Single Logout Service Endpoint
- NameID Format
- Assertion Consumer Service Endpoint
- Organisation Details
Whilst specified within the SP Metadata file, customers may still need to configure a Relying Party Claim Rule within their ADFS environment.
The settings for this claim rule are:
- Incoming Claim Type: NameID
- Outgoing Claim Type: NameID
- Outgoing Name ID Format: Email
For any further questions or queries, please submit a request and our support team will get back to you.