How to configure Status Hero SSO with Microsoft Azure Active Directory and SAML 2.0
Note: SSO/SAML is available in our Corporate or Enterprise plans.
Setup and Configuration
To set up your Status Hero account with SSO/SAML and Azure AD, you'll need to take the following steps. Right now there is still a manual step on our end, so we'll need the metadata URL from the last step along with a heads-up that you would like to enable SSO/SAML with Azure AD for your account.
Once we confirm that everything works, we'll disable password authentication and magic link sign-in capability completely for your account.
Here are the steps:
1. Sign in to your Azure Portal and visit the Azure Active Directory section. You'll need to be a tenant administrator.
2. From Enterprise Applications, click "New Application" and then "Non-Gallery Application".
3. Name the application "Status Hero" and click the "Add" button to save it.
4. Back on the "Enterprise Applications" page, click on "Status Hero" from the application list.
5. Click on "Set up single sign-on", then click "SAML".
6. Under the "Basic SAML Configuration", use https://statushero.com/saml/metadata for the "Identifier" and https://statushero.com/saml/consume for the "Reply URL".
7. By default, "User attributes and claims" will use "Email address" as the name identifier format, but if your configuration is different, then you may have to set this up:
8. Under "SAML Signing Certificate", copy the "App Federation Metadata Url" and send it to us (help chat or firstname.lastname@example.org).
9. After you have yourself or other users provisioned, and we've installed the Metadata URL for your account, we can begin testing.
We're working on provisioning users in Status Hero from AD automatically, but for now it's a two-step process for each user:
1. Add the user to the account in Status Hero and then assign them to a team. You can also add them to a team directly. In either case, make sure their email address is unique and the same one you have for them in Azure (or skip this step if the user already exists in Status Hero).
2. Make sure the user is enabled in Azure AD for the Status Hero app.
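When testing in step 9, a SAMLResponse captured from a test sign-in can be checked against the "Identifier" and "Reply URL" from step 6, the name identifier format from step 7, and the user's email address. This is an added example, not Status Hero's or Microsoft's code; the function names and the sample response are constructed for illustration, and it checks configuration only, not the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "https://statushero.com/saml/metadata"   # "Identifier", step 6
EXPECTED_RECIPIENT = "https://statushero.com/saml/consume"   # "Reply URL", step 6
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # step 7

def check_saml_response(b64_response, expected_email):
    """List configuration problems in a base64 SAMLResponse (hypothetical helper).
    Sanity check only: it does NOT verify the XML signature or time conditions."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audience = root.findtext(".//saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if (audience or "").strip() != EXPECTED_AUDIENCE:
        problems.append(f"Audience is {audience!r}, expected the Identifier")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != EXPECTED_RECIPIENT:
        problems.append(f"Recipient is {recipient!r}, expected the Reply URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        return problems + ["no NameID in the assertion"]
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID format is {name_id.get('Format')!r}, not emailAddress")
    if (name_id.text or "").strip() != expected_email:
        problems.append("NameID does not match the user's Status Hero email")
    return problems

def make_sample(audience, recipient, fmt, email):
    """Build a constructed, unsigned response for the demo (not real Azure AD output)."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{fmt}">{email}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{recipient}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = make_sample(EXPECTED_AUDIENCE, EXPECTED_RECIPIENT, EMAIL_FORMAT, "pat@example.com")
    print(check_saml_response(good, "pat@example.com"))
```

An empty list means the response matches the configured values; each string in a non-empty list names the setting to revisit in the Azure portal or in Status Hero.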