SAML 2.0 federation guide
Set up SAML federation with STACKIT IdP by following these steps. The STACKIT IdP acts as the Relying Party (RP), and your organization’s system acts as the Identity Provider (IdP).
Step 1: Open a support ticket
Open a support ticket with the following information:
General information
- Federation type: SAML 2.0
- Reason for integration: Brief explanation (for example, “Enable SSO for enterprise users”)
- Email domains: All email domains your employees use for login (for example, @example.org and @foobar.com)
SAML-specific information
- IdP metadata URL: Publicly accessible URL to your IdP’s metadata file. Our system uses this URL to automatically retrieve configuration details (endpoints, certificates, etc.)
Step 2: Configure attribute mappings
Ensure the following user attributes are present in your IdP metadata:
- id: Unique identifier for the user
- preferredName: User’s preferred display name
- email: User’s email address
If your metadata doesn’t contain these attributes, specify how they’re named in your system. For example: “The id attribute in your system corresponds to our uid attribute.”
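Before opening the ticket it is worth checking your own IdP metadata for what Steps 1 and 2 ask for: an IDPSSODescriptor with a signing certificate and SSO endpoint, and the three required attributes advertised under the names the guide expects. The script below is an added example, not STACKIT's tooling; the metadata document, its entityID, endpoint and attribute names are constructed for illustration, and the IdP advertises `uid` instead of `id` and omits `preferredName` so the mapping gap shows up. `ticket_checklist` returns the parsed details plus the list of problems to resolve or to spell out in the ticket (for example, "our uid is your id").

```python
"""Pre-check an IdP metadata document against the STACKIT SAML federation ticket.

Added example (not STACKIT's own tooling). SAMPLE_METADATA is constructed; in
practice you would read the document served at your public metadata URL.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Attribute names the guide requires the IdP to provide.
REQUIRED_ATTRIBUTES = ("id", "preferredName", "email")

# Constructed sample: advertises "uid" instead of "id" and has no "preferredName".
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAuthnRequestsSigned="true">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/saml/sso"/>
    <saml:Attribute Name="uid"/>
    <saml:Attribute Name="email"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Extract entityID, SSO endpoints, signing certs and advertised attributes."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    signing_certs = [
        k.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS).strip()
        # A KeyDescriptor without a "use" attribute is valid for signing and encryption.
        for k in idp.findall("md:KeyDescriptor", NS)
        if k.get("use", "signing") == "signing"
    ]
    return {
        "entity_id": root.get("entityID"),
        "sso_endpoints": {
            e.get("Binding"): e.get("Location")
            for e in idp.findall("md:SingleSignOnService", NS)
        },
        "signing_certs": [c for c in signing_certs if c],
        "attributes": [a.get("Name") for a in idp.findall("saml:Attribute", NS)],
    }


def missing_attributes(info, mapping=None):
    """Required names the IdP does not advertise, after applying a local-name
    mapping such as {"id": "uid"} (the mapping you would state in the ticket)."""
    mapping = mapping or {}
    advertised = set(info["attributes"])
    return [req for req in REQUIRED_ATTRIBUTES if mapping.get(req, req) not in advertised]


def ticket_checklist(xml_text, mapping=None):
    """Return (parsed info, list of problems to fix or to explain in the ticket)."""
    info = parse_idp_metadata(xml_text)
    problems = []
    if not info["signing_certs"]:
        problems.append("no signing certificate: the RP cannot verify assertions")
    if not info["sso_endpoints"]:
        problems.append("no SingleSignOnService endpoint")
    for name in missing_attributes(info, mapping):
        problems.append(f"attribute {name!r} not advertised; state its local name in the ticket")
    return info, problems


if __name__ == "__main__":
    details, issues = ticket_checklist(SAMPLE_METADATA)
    print("entityID:", details["entity_id"])
    for issue in issues:
        print("-", issue)
    # With the mapping from the ticket applied, only preferredName remains open.
    print("after mapping id->uid:", ticket_checklist(SAMPLE_METADATA, {"id": "uid"})[1])
```

Run it against your real metadata by replacing `SAMPLE_METADATA` with the document your IdP serves; the `mapping` argument mirrors the sentence you put in the ticket, so an empty `problems` list means the metadata and the stated mapping together cover everything the guide requires.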
Step 3: Configure your IdP
After you provide the required information, our support team configures the federation. We then provide you with a unique SAML metadata URL for the STACKIT IdP:
https://accounts.stackit.cloud/idps/FEDERATION_ID_HERE/saml/metadata
Add this URL to your organization’s IdP to establish the trust relationship.
Step 4: Verification
Confirm the federation works and report the results or any problems you face.
Changing from OIDC to SAML
If you have an existing OIDC federation and switch to SAML, the transition is seamless. As long as email addresses remain the same, users won’t lose access or data. User accounts are tied to email addresses, not federation methods.