SSO

HockeyStack supports enterprise Single Sign-On with common identity providers including Microsoft Azure AD, Google Workspace, Okta, and OneLogin. HockeyStack uses an Auth0-based setup pattern for enterprise connections, so the exact app type and fields may vary slightly by provider, but the overall process is consistent across supported identity providers.

Setup overview

1. Your identity provider admin creates an application for HockeyStack in your provider’s admin console. Depending on the provider, this may be an Azure app registration, a Google OAuth client, an Okta OIDC app integration, or a OneLogin OpenID Connect app.

2. Your admin configures the HockeyStack redirect URL for the application. In the current Azure AD, Google Workspace, and Okta guides, this is the HockeyStack Auth0 callback URL.

3. Your team shares the required identity provider details with HockeyStack. For Auth0-based enterprise connections, this will typically include a client ID, client secret, and your provider domain, tenant information, or OIDC issuer details, depending on the identity provider.

4. HockeyStack completes the connection setup and validates the login flow.

Typical information required

The exact values depend on your identity provider, but HockeyStack may ask for:

• Client ID

• Client secret

• Provider domain, tenant domain, or organization domain

• OIDC issuer URL or discovery metadata, where applicable

Recommended user identifier

Your users should have email addresses in your identity provider that match the email addresses used for their HockeyStack accounts. This helps ensure clean user matching during login across enterprise identity providers. Users must already have HockeyStack accounts before they can sign in via SSO. HockeyStack does not automatically provision new user accounts from your identity provider.

Testing the integration

Once HockeyStack confirms setup is complete, users can test login from the HockeyStack login page using the relevant sign-in option for their organization.

Note: Once SSO is enabled for your organization, password-based login will be disabled for your users. All users will be required to sign in through your identity provider.

Important note

Setup requirements differ by provider. While HockeyStack is standardizing on an Auth0-based enterprise SSO approach, the exact admin experience in each identity provider may still vary. Always follow the provider-specific HockeyStack guide when one is available.