Tags | Authentication | SSO | SAML | Okta |
ADMIN PRIVILEGES REQUIRED
Enterprise users can access their documentation here. Find your plan.
Overview
These instructions describe how to integrate your Stack Overflow for Teams Basic or Business site with Okta as your Identity Provider (IdP) for authentication. Once configured, your users will be able to use Okta and the Security Assertion Markup Language (SAML) for Single Sign-on (SSO) authentication into your site. You can learn more about SAML in our SAML Authentication Overview document.
When setting up SAML authentication, you'll configure your Stack Overflow for Teams site and the Okta IdP in a back-and-forth process. We recommend having a browser tab open to each site.
THIS ARTICLE APPLIES TO STACK OVERFLOW FOR TEAMS BASIC AND BUSINESS ONLY.
Stack Overflow for Teams Enterprise users should read this article instead. Find your plan.
Configure Okta SAML settings
From the Applications page in Okta, click Browse App Catalog. That will take you to the Application Directory, from which you can search for Stack Overflow for Teams.
Then Click Add to begin set up.
Give the application a name (we recommend sticking to the default Stack Overflow for Teams). Then Click Done.
On the Application page, click the Sign On tab, then open View Setup Instructions in a separate browser. We will be using details from this page in setup.
In a new browser, open your Stack Overflow Authentication settings on Stack Overflow. Make sure Single sign-on (SSO) is selected.
Configure Okta authentication settings
On the Stack Overflow for Teams Application page on Okta, click the Edit button
Enter the Customer ID under Advance Sign-on Settings then press Save
Your Customer ID can be found in the Assertion Consumer Service URL on Stack Overflow Authentication Settings
For example: If your Assertion Consumer Service URL is https://sso.stackoverflow.com/c/acme/auth/saml2/post, your Customer ID is acme.
Configure Stack Overflow for Teams SAML settings
From the Okta View Setup Instructions skip to Step 4
Copy and paste the Single Sign-On Service URL given here to the Single Sign-On Service URL textbox on Stack Overflow Authentication settings.
Copy and paste the Issuer given here to the Issuer textbox on Stack Overflow Authentication settings.
For the following fields on Stack Overflow, you can enter:
Audience Restriction: https://stackoverflow.com
โ Display Name Assertion: displayname
โ Email Address Assertion: email
You can also add the following optional attributes. When configured and included in the SAML response, Stack Overflow for Teams automatically updates these user data fields on login. Job Title: jobtitle Department: department
Copy and paste the Identity Provider Certificate given here to the Identity Provider Certificate on Stack Overflow Authentication settings.
Save and test Stack Overflow for Teams SAML settings
Validate your certificate by pressing Validate certificate (you should get a green box with a success message).
Now press Authenticate and enable. You should all be good to go to https://stackoverflowteams.com/c/{addyourteam} with your SSO.
If any issue arises you can use Debug SAML auth settings and View SAML request to find out where the issue might be occurring.
Need help? Submit an issue or question through our support portal.