Configure SSO with any Identity Provider
Enabling SSO with Sorry™ is a two-step process: first you configure Sorry™ as an application within your IDP, and then you give Sorry™ some settings from your IDP.
Once you configure SSO, you'll be able to assign your application to users within your organisation, allowing them to sign-in and manage your status page, without the need to invite them individually or maintain separate usernames and passwords.
Configuring Single Sign-On (SSO)
Start by finding your SSO settings in the "Team Members" section of your Sorry™ account.
Create a new application in your IDP
Now open a new browser tab and start the process of creating a new SAML 2.0 application within your IDP.
When required, copy the "ACS / Consumer URL" and "Entity ID / Audience URI" from Sorry™ into your IDP. These settings tell your IDP where to send SSO requests, and are specific to your Sorry™ team.
When asked by your IDP, select "EmailAddress" as the Name Identifier Format. This tells your IDP to send Sorry™ the email address of your user to authenticate them.
Finish the setup in your IDP, which may involve choosing a name, description or logo for your new application. (You can find the Sorry™ logo in our Brand Assets.)
Add the new IDP application details to Sorry
Your IDP will now give you some details, most importantly the SAML Endpoint URL used to authenticate users and the X.509 Certificate used to verify the signature on the request and ensure it's genuine.
Add both of these into the SSO configuration form within your Sorry™ account, and save them.
That's it! SSO is now ready to use
Go ahead and assign the newly created IDP application to the people you wish to manage your status page.
Team Members
When using SSO, you need to add your team members before they sign in to Sorry™.
From the Team Members page, you can assign each person a role and choose how they log in.
Once SSO is enabled, Owners and Team role members can manage sign-in options per person:
- SSO only
- SSO and Email (allows email/password as well as SSO)
By default:
- New team members added while SSO is enabled are set to SSO only.
- Existing team members at the time SSO is enabled are set to SSO and Email, so you’ll need to update their settings manually if you want them restricted to SSO only.
Allowing both SSO and Email can be useful if SSO is temporarily unavailable — affected team members can still log in using their email and password.
Configuring Single Logout (SLO)
We also support IDP Initiated SLO requests, so that when users sign out of your IDP, it will also sign them out of Sorry™.
If your IDP supports SLO, copy the SLO URL from your Sorry™ account into your IDP, and then place the SLO Endpoint provided by your IDP back into Sorry™.
Need help setting up SSO with your specific Identity Provider? Get in touch.