Managed Solr Single Sign-On (SSO)

SearchStax now offers the ability for clients to set up Single Sign-On for Managed Solr using the Security Assertion Markup Language (SAML), which is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).

SSO is an add-on SearchStax feature that needs to be purchased. If you are interested in this feature, please contact us here.

The following steps explain how it can be set up for Azure Active Directory.


Once SSO is enabled by SearchStax for your account, and a domain is set up, the owner and/or admin can see options to set it up. The options to set up SSO are in the User Preferences screen of the Managed Solr Dashboard:

Searchstax Single Sign-On

Once set up, the “direct Sign-In URL” is the URL that your team can use for signing into SearchStax Managed Solr Platform, or they can enter the domain name mentioned when choosing Single Sign-On.

  1. Go to Azure Active Directory. Select Enterprise Applications, and then click on “New Application.” Searchstax Single Sign-On
  2. Now Click on “Create your own application.”Searchstax Single Sign-On
  3. Enter a name for SearchStax application – say “SearchStaxManagedSolr”, and select the last dropdown “Integrate any application you don’t find in the gallery” and then click on the “Create” button. Searchstax Single Sign-On
  4. This creates a new Enterprise Application. In the screen that appears, click on the link for Step 1 > Assign Users and Groups. Here you can assign which Users/Groups have permission to SearchStaxManagedSolr Enterprise Application. Searchstax Single Sign-On
  5. Click on “Add user/group” and then follow up to add all the users of groups that you would like to grant access to. Searchstax Single Sign-On
  6. Once you are done with Step 1, click on the “Get started” link for Step 2. Setup single sign on. Searchstax Single Sign-On
  7. Now select the single sign-on method as “SAML.” Searchstax Single Sign-On
  8. It now shows the screen to configure the SAML enpoints: Searchstax Single Sign-On
  9. Click on Edit on Step 3, and change Signing Option as “Sign SAML response and assertion” and click “Save.” Searchstax Single Sign-OnThe option can be anything else too, but the same setting should then also be chosen in the SearchStax Dashboard in the SSO settings.
  10. Click on Edit button for Step 1 > Basic SAML Configuration.
    1. Enter the “Metadata URL” that shows on your page as Identifier (Entity ID). Remove any extra entries and make sure the “default” checkbox is checked.
    2. Enter the Assertion Consumer Service URL as the “Reply URL” as shown below.
    3. Click “Save.” Searchstax Single Sign-On
  11. Set up Step 2 > User Attributes & Claims. Click on Edit. Searchstax Single Sign-On
  12. SearchStax has roles defined. If your active directory has a field containing a mapping for those roles, click on “Add new claim” and assign “role”. If you do not have a mapping for SearchStax roles, you can leave it as it, and the users will get created with Team Member as the role by default. Those can always be changed later from the SearchStax Dashboard.

    As just an example, we are mapping user.jobtitle field as the “role” as shown below.

    The Unique User Identifier (Name ID) should be mapped to your active directory field that is the email for the users that will use SearchStax. In our case, the default user.userprincipalname contained the information.Searchstax Single Sign-On
  13. Now back on the SearchStax dashboard…
    1. Set the “Metadata url” as the “App Federation Metadata Url” shown in Step 3. Searchstax Single Sign-On
    2. Set the “Login Url” as the “Login URL” shown in Step 4.
    3. Set the “Logout Url” as the “Logout URL” shown in Step 4.
    4. Set the “Idp Entity Url” as the “Azure AD Identifier” shown in Step 4.

Below steps show how we have integrated it with our Azure Active Directory.

Searchstax Single Sign-On

Login Using SSO now provides a button at the bottom for SSO – “Sign-In With your ID Provider.” Click this button.

Searchstax Single Sign-On

Enter the domain that was setup for the client (Is also shown on the Single Sign-On screen in user’s User Preferences.)

Searchstax Single Sign-On

Click Continue. This takes you to Azure Sign-in page. After you authenticate, it brings you back to your SearchStax Dashboard.

Alternately, you can directly go to https://<Subdomain> to login, and clicking on the “Sign-In With your ID Provider” will take you directly to Azure Sign In.

SSO + Two-factor Authentication

A User can have SSO and Two-Factor authentication both setup. The 2FA settings for a user will apply to all accounts that the user has access to.

However, for the account that has SSO Setup, while logging in, SearchStax 2FA settings will not apply. In that case, 2FA should be set up at the SSO Provider.

Was this article helpful?