SSO Configuration Details

A list of configuration details needed to set up SSO in the Staffbase Studio.

Staffbase Email
beta

Staffbase supports both or protocols for SSO. Choose the one that best fits your organization’s needs and Identity Provider (IdP) capabilities. This article outlines the configuration details you need from both Staffbase as Service Provider (SP) and your IdP to complete the integration successfully.

You need to provide the following details in your IdP depending on your chosen protocol.

Once you have entered the configuration identifier, you can retrieve the Service Provider (SP) data required for your IdP configuration.

Service Provider InfoDescription
Endpoint

The URL where your IdP sends authentication responses. This acts as the Assertion Consumer Service (ACS) endpoint in Staffbase that receives SAML assertions after a user is authenticated.
The {SSOConfigID} is a unique identifier you define during SSO configuration in Staffbase Studio.
https://<your-domain>/auth/saml/{SSOConfigID}
Example:
https://myapp.staffbase.com/auth/saml/myssoconfigid

Audience

The unique identifier (Entity ID) that represents the Staffbase platform as a Service Provider. It is used by the IdP to validate the intended recipient of the SAML authentication request.
https://<your-domain>
Example:
https://myapp.staffbase.com

Metadata

The URL where your IdP can access the SAML metadata provided by Staffbase. This metadata includes essential configuration details such as the service provider endpoint, certificate, and binding information.
Note: The URL becomes active after you’ve created the SSO configuration in Staffbase Studio.
https://<your-domain>/auth/saml/{SSOConfigID}/metadata
Example:
https://myapp.staffbase.com/auth/saml/myssoconfigid/metadata

Service Provider InfoDescription
Callback URL

The URL where the IdP redirects users after successful authentication. Staffbase uses this endpoint to receive the authorization code or tokens required to complete the login flow and start the user session.
The format is your Staffbase web application URL followed by /auth/oidc/{SSOConfigID}/callback.
Example:
https://myapp.staffbase.com/auth/oidc/{SSOConfigID}/callback

You need the following configuration details from your IdP to complete SSO configuration in Staffbase Studio:

IdP InfoDescription
Endpoint URL

The URL for your SSO configuration in your IdP.

Metadata URL

The URL to the metadata file for your SSO configuration in your IdP. It includes certificates, bindings, and other settings.

Issuer / Entity ID

(Optional) The unique identifier for your IdP, used by Staffbase to validate the authentication response.

IdP InfoDescription
Endpoint URL

The URL where Staffbase sends authentication requests for your SSO configuration in your IdP.

Client ID

The unique identifier for your Staffbase application registered in the IdP.

Client Secret

The secret key used to authenticate your Staffbase application with the IdP.

External Attribute Name

The attribute from the IdP that uniquely identifies the user. This value will be mapped to the external ID in Staffbase. Common options are sub (subject) or email.