Looking to integrate Single Sign-On (SSO) with your Stadium account? Whether you're using Okta, Azure AD, CyberArk, or any other SAML 2.0 identity provider, this guide walks you through how to set up SSO on Stadium, what information you need to provide, and how SSO helps improve enterprise security, user login experience, and IT control. Learn about SSO requirements, setup steps, data flows, and common setup issues and troubleshooting tips.

 

This article includes sections:

• SSO (Single Sign-On) Integration Overview
• Why Use the Stadium SSO Integration
• When to Use or Not Use the SSO
• SSO Installation
• SSO Data Flows
• SSO (Single Sign-On) Frequently Asked Questions (FAQs)
  
  

💡 SSO (Single Sign-On) Integration Overview

 

🧠What is the value of SSO integration?

Stadium’s SSO integration provides secure, seamless access for users by allowing them to authenticate with their existing company credentials. It simplifies login experiences, reduces password fatigue, and enhances enterprise security by centralizing user authentication through a trusted identity provider (IdP).

 

🎯Why Use the Stadium SSO Integration

• Frictionless Access: Users sign in through their company’s SSO portal—no separate credentials required.
  
  
• Centralized User Management: IT admins can manage employee access in one place.
  
  
• Improved Security: Authentication is handled via secure tokens and SAML 2.0 protocols.
  
  
• Compliance Friendly: Fits enterprise security and compliance frameworks.
  
  

🚫 When to Use or Not Use the SSO

 

✅ Use When	❌ Avoid When
You have an IT-managed identity provider (Okta, Azure AD, CyberArk, etc.).	Your organization does not use an identity provider or SAML-based login.
You want to control access at the domain level and enforce centralized login.	You have only a few users and prefer using email/password logins.
You want automated provisioning with JIT (Just-in-Time) for new users.	Your team isn’t ready to manage enterprise-level SSO settings.

 

 

Back to Top ↑

 

 

🛠️ SSO Installation

 

✅ Requirements Before You Begin

Make sure you have the following:

• Stadium Business package 

• Access to your IdP (Okta, Azure AD, etc.)

• The following SAML details:

  • SSO URL (Login URL)

  • SLO URL (Logout URL, optional)

  • Entity ID

  • X.509 Certificate

 

📥How to Set Up the SSO

 

1. Verify Your Plan
   You’ll need to be on the Business Package or higher to enable SSO. Contact sales if you're unsure.
   
   
2. Access Stadium’s Metadata URL
   Visit: https://account.bystadium.com/saml/metadata This contains essential details like:
   
   
   • ACS URL
     
     
   • Entity ID
     
     
   • Certificate
     
     
   • Attribute mapping
     
     
3. Create a Custom SAML App in Your IdP
   Supported Identity Providers:
   
   
   • Okta
     
     
   • Microsoft Azure AD
     
     
   • CyberArk
     
     
   • Any SAML 2.0-compliant provider
     
     
4. Send Configuration Details to Stadium
   Email techspecialist@bystadium.com with:
   
   
   • SSO URL (Login URL)
     
     
   • SLO URL (Logout URL, optional)
     
     
   • Entity ID
     
     
   • X.509 Certificate
     
     
5. Stadium Will Complete the Setup
   The Stadium team will configure the backend and test the SSO setup (usually within 4–6 business days). Once active, all users from your domain will be routed through your IdP.

For complete steps, read this article: 👉Enabling Single Sign On

 

 

Back to Top ↑

 

🔁 SSO Data Flows

 

What are the distinct data flows?

Flow	Trigger	Description
SP-Initiated SSO	User accesses Stadium	Stadium redirects to IdP for authentication
IdP-Initiated SSO	User logs in via IdP dashboard	Stadium launches after successful auth
JIT Provisioning	New user logs in via SSO	User account is automatically created in Stadium
SP-Initiated Logout	User signs out from Stadium	Logs out and notifies IdP (if configured)

How to manually trigger data flows

• You can test the login directly from your IdP after setup.
  
  

You can also manually attempt login via Stadium’s login page using your corporate email domain once SSO is configured.

 

 

Back to Top ↑

 

 

❓SSO (Single Sign-On) Frequently Asked Questions (FAQs)

 

🔧 Setup & Config

 Is Stadium SAML 2.0 compatible?

• Yes. Stadium is fully SAML 2.0 compliant and works with any IdP that supports SAML (Okta, Azure, CyberArk, etc.).

How long does SSO setup take?

• Stadium usually completes SSO setup within 4–6 business days once required information is received.

Do I need to configure anything inside Stadium myself?

• No. After you send your IDP configuration to techspecialist@bystadium.com , the Stadium team will handle the rest.

 

 

🧠 User Access & Login

What happens after SSO is enabled?

• All users from your company domain will be automatically routed through your SSO login flow when accessing Stadium.

What to do if you need to support multiple domains

• Please contact support—multi-domain support may be available upon request.

 

Can email/password login be allowed after SSO is enabled?

• Not by default. All domain-matched users are routed via SSO. You’ll need a support exception if mixed login is needed.

 

💡 Edge Cases & Gotchas

Scenario: A new employee logs in and gets a 403 error
→ Ensure JIT provisioning is enabled on your IdP or pre-assign the Stadium app to new users.

Scenario: We rotated our SAML certificate. Now users can’t log in.
→ Re-send your updated certificate and metadata to techspecialist@bystadium.com for an update.

Scenario: I no longer want SSO enabled. How can I revert?
→ Contact support. Stadium will disable the SSO redirect and reinstate password login for your domain.

 

📞 Need Help?

• Technical Support: techspecialist@bystadium.com 
  
  
• Learning Center: help.bystadium.com

 

Back to Top ↑

 

 

 

Access the Integrations feature with our paid Stadium Packages.

Visit our Pricing Page to check out the inclusions of each package and choose the one that best suits your needs.