Single Sign-On (SSO)
Understanding and Configuring Single Sign-On (SSO) for Stratosphere

Single sign-on (SSO) is a method of authentication that allows users to log in once using a single set of credentials and then access multiple applications without having to re-enter their username and password. For organizations, SSO improves security by centralizing authentication, while for users it enhances convenience by reducing the number of logins they must remember.

By enabling SSO in Stratosphere, you ensure that only authenticated users from your trusted identity provider (IdP) can access your system. This reduces the risk of weak passwords, phishing, and unauthorized access.

Why Use SSO?

- Improved security: Authentication is managed by a trusted IdP such as Okta, Azure AD, or Google Workspace. This makes it easier to enforce strong password policies, multi-factor authentication (MFA), and monitoring.
- User convenience: Users sign in once and gain access to multiple apps, reducing login fatigue.
- Centralized access management: Admins can control user access from one place, simplifying onboarding and offboarding.
- Compliance ready: Helps align with regulatory requirements like HIPAA, ISO 27001, and SOC 2.

Steps to Configure SSO in Stratosphere

1. Locate the SSO settings: Log into Stratosphere as an administrator and navigate to the Single Sign-On section in your settings (Organization > Add/Remove Features). If Single Sign-On is not available, please contact your Terso support representative.
2. Enable SSO for your organization: Click the Single Sign-On button.
3. Entity ID: Copy the following value into your IdP configuration (https://stratosphere.app/, https://beta.stratosphere.app/).
4. Assertion Consumer Service (ACS) URL: In your IdP, configure the ACS URL as (https://stratosphere.app/home/samlacs/79, https://beta.stratosphere.app/home/samlacs/79). This tells your IdP where to send authentication responses.
5. Sign-In URL: Paste your IdP’s sign-in URL into Stratosphere.
6. Upload Public X509 Certificate: Download the certificate from your IdP that is used to sign SAML assertions. Upload it into Stratosphere to ensure authentication messages are trusted.
7. Domain: Enter the email domain(s) for your organization (e.g. `yourcompany.com`). This ensures that only users from your domain can authenticate through SSO.
8. Verify domain ownership: Stratosphere will provide a TXT DNS record. Copy the record and add it to your domain’s DNS configuration. This step confirms you control the email domain linked to SSO.
9. Enable Strict Mode (optional): Toggle Strict Mode if you want to enforce that all users must log in through SSO. When enforced, all aliased or non-domain email addresses are blocked. It’s best to enable this after you’ve confirmed everything is working smoothly.
10. Save and test: Save your configuration. Test logging in with a user from your IdP before enabling SSO for your entire organization.

Best Practices

- Keep a backup admin account: Maintain at least one non-SSO admin account. This prevents lockouts if your IdP is unavailable or misconfigured.
- Roll out gradually: Test with a small group of users before enforcing across the organization.
- Enable MFA at the IdP: Strengthen authentication by requiring multi-factor authentication.