Tags | Authentication | SSO |

Available on Basic, Business plans
Admin privileges required

1. OneLogin Setup for Stack Overflow for Teams

In OneLogin, add a new SAML 2.0 Application. In this example, we used a SAML Custom Connector (Advance) application.

Once the application is created, go to the Configuration tab.

The following can be used to fill in on this page.

You can leave the remaining as default.

Now go to the Parameters tab.

You must have at least one parameter for the user display name, email, and NameID attributes. All must be included in the SAML assertions, so when adding the custom parameters, make sure you check the Include in SAML assertion checkbox.

2. Configure Stack Overflow Authentication Settings

In a new browser, open your Stack Overflow Authentication settings on Stack Overflow. Make sure Single sign-on (SSO) is selected.

On OneLogin click the SSO tab

You'll need to copy over to Stack Overflow the following fields according to what you got on OneLogin:

  • Single Sign-On Service Url: that's the SAML 2.0 Endpoint on OneLogin

  • Single Sign-On Service Protocol Binding: do not change, leave as POST

  • Issuer: that's the Issuer URL on OneLogin

  • Audience Restriction: This is the Audience URL you set on the OneLogin Configuration tab

  • Display Name Assertion: This is the SAML Test Connector (IdP) Field, on the Parameters tab, for the user display name. In our example, that was the "Name" parameter.

  • Email Address Assertion: should match the SAML Test Connector (IdP) Field, on the Parameters tab, for the user email In our example, that was the "Email" parameter.

  • Leave all checkboxes unchecked

  • Identity Provider Certificates: copy and paste the certificate for your OneLogin setup. This can be found by clicking on View Details for the certificate generated by OneLogin in the screenshot above.

3. Test Configure Authentication Settings for your Stack Overflow Team

Validate your certificate by pressing Validate certificate (you should get a green box with a success message).

Now press Authenticate and enable. You should all be good to go to https://stackoverflow.com/c/[your_site] with your SSO.

If any issue arises you can use Debug SAML auth settings and View SAML request to find out where the issue might be occurring.


Need help? Submit an issue or question through our support portal.

Did this answer your question?