Skip to main content
Configure Single Sign-on (SSO) with OneLogin

How to set up Stack Overflow for Teams for SAML SSO authentication with OneLogin.

Joel Bradley avatar
Written by Joel Bradley
Updated over 2 weeks ago

ADMIN PRIVILEGES REQUIRED

Applies to: Basic, Business

Enterprise users can access their documentation here. Find your plan.


Overview

These instructions describe how to integrate your Stack Overflow for Teams site with OneLogin as your Identity Provider (IdP) for authentication. Once configured, your users will be able to use OneLogin and the Security Assertion Markup Language (SAML) for Single Sign-on (SSO) authentication into your site. You can learn more about SAML in our SAML Authentication Overview document.

When setting up SAML authentication, you'll configure your Stack Overflow for Teams site and the OneLogin IdP in a back-and-forth process. We recommend having a browser tab open to each site.

THIS ARTICLE APPLIES TO STACK OVERFLOW FOR TEAMS BASIC AND BUSINESS ONLY.
Stack Overflow for Teams Enterprise users should read this article instead. Find your plan.

1. OneLogin Setup for Stack Overflow for Teams

In OneLogin, add a new SAML 2.0 Application. In this example, we used a SAML Custom Connector (Advance) application.

Once the application is created, go to the Configuration tab.

The following can be used to fill in on this page.

You can leave the remaining as default.

Now go to the Parameters tab.

You must have at least one parameter for the user display name, email, and NameID attributes. All must be included in the SAML assertions, so when adding the custom parameters, make sure you check the Include in SAML assertion checkbox.

You can also add the following optional attributes. When configured and included in the SAML response, Stack Overflow for Teams automatically updates these user data fields on login.

  • Job Title

  • Department

2. Configure Stack Overflow Authentication Settings

In a new browser, open your Stack Overflow Authentication settings on Stack Overflow. Make sure Single sign-on (SSO) is selected.

On OneLogin click the SSO tab

You'll need to copy over to Stack Overflow the following fields according to what you got on OneLogin:

  • Single Sign-On Service Url: that's the SAML 2.0 Endpoint on OneLogin.

  • Single Sign-On Service Protocol Binding: do not change, leave as POST.

  • Issuer: that's the Issuer URL on OneLogin.

  • Audience Restriction: This is the Audience URL you set on the OneLogin Configuration tab.

  • Display Name Assertion: This is the SAML Test Connector (IdP) Field, on the Parameters tab, for the user display name. In our example, that was the "Name" parameter.

  • Email Address Assertion: should match the SAML Test Connector (IdP) Field, on the Parameters tab, for the user email In our example, that was the "Email" parameter.

  • Job Title (optional): should match the user job title attribute you entered on the Parameters tab.

  • Department (optional): should match the user department attribute you entered on the Parameters tab.

  • Leave all checkboxes unchecked.

  • Identity Provider Certificates: copy and paste the certificate for your OneLogin setup. This can be found by clicking on View Details for the certificate generated by OneLogin in the screenshot above.

3. Test Configure Authentication Settings for your Stack Overflow Team

Validate your certificate by pressing Validate certificate (you should get a green box with a success message).

Now press Authenticate and enable. You should all be good to go to https://stackoverflowteams.com/c/[your_site] with your SSO.

If any issue arises you can use Debug SAML auth settings and View SAML request to find out where the issue might be occurring.


Need help? Submit an issue or question through our support portal.

Did this answer your question?