Overview
Rootly provides multiple authentication methods to secure access to your public status pages. You can choose from no authentication, password protection, or enterprise-grade SAML authentication depending on your security requirements. Authentication is only available for public status pages. Private status pages require users to be logged in to Rootly by default.
Authentication Methods
No Authentication
Your status page is publicly accessible to anyone with the URL. This is the default setting and is suitable for:
- Public-facing service status pages
- External customer communications
- Maximum visibility during incidents
Password Authentication
Protect your status page with a shared password. Anyone with the password can access the page.
Best for:
- Partner or vendor portals
- Limited external stakeholder access
- Quick setup without SSO infrastructure
To set up password authentication:
- Navigate to your status page settings
- Go to the Authentication tab
- Select “Password” as the authentication method
- Enter your desired password
- Save the changes
SAML Authentication
Enterprise-grade single sign-on using the SAML 2.0 protocol. Users authenticate through your identity provider (IdP) without needing separate credentials.
Best for:
- Enterprise customers with existing SSO infrastructure
- Compliance requirements (SOC 2, ISO 27001)
- Centralized access control and audit logs
- Multiple status pages with different IdP configurations
Supported features:
- SAML 2.0 authentication flow
- Single Logout (SLO)
- Per-status-page IdP configuration
- X.509 certificate validation
- Multiple name identifier formats
Configuring SAML Authentication
Prerequisites
Before configuring SAML authentication, you’ll need:
- Access to your Identity Provider (IdP) admin console (e.g., Okta, Azure AD, Google Workspace)
- Your IdP’s SSO Service URL
- Your IdP’s X.509 certificate
- Permissions to create SAML applications in your IdP
Step 1: Enable SAML in Rootly
- Navigate to your status page settings
- Select the Authentication tab
- Choose “SAML” as the authentication method
Step 2: Configure Your Identity Provider
You’ll need to create a new SAML application in your IdP with the following information from Rootly:
Service Provider (SP) Details:
Field | Description | Example |
---|---|---|
Entity ID / Audience URL | Unique identifier for your status page | https://status.company.com/saml/metadata |
ACS URL / Callback URL | Where SAML responses are sent | https://status.company.com/saml/consume |
Metadata URL | Complete SP metadata (optional) | https://status.company.com/saml/metadata |
These URLs are automatically generated after you save your status page and will be displayed in the Authentication tab for easy copying.
Step 3: Configure SAML Settings in Rootly
Enter the following information from your Identity Provider:
SSO Service URL: The SAML authentication endpoint provided by your IdP. Example:
https://your-company.okta.com/app/abc123/sso/saml
IdP Certificate: The X.509 certificate from your IdP for validating SAML responses. Paste the full certificate including the BEGIN/END lines.
Name Identifier Format: The format for user identification in SAML assertions. Options:
- Email Address (default)
- Unspecified
- Persistent
- Transient
Optional endpoint for SAML Single Logout functionality. Example:
https://your-company.okta.com/app/abc123/slo/saml
Step 4: Test Authentication
- Save your SAML configuration
- Open your status page URL in a private/incognito browser window
- Click the sign-in option
- You should be redirected to your IdP for authentication
- After successful authentication, you’ll be redirected back to the status page
Common Identity Provider Guides
Okta
Configure SAML with Okta using the Entity ID, ACS URL, and download the certificate from your Okta application settings.
Azure AD
Use Azure AD Enterprise Applications to create a custom SAML app. Copy the Login URL and certificate from the SAML Signing Certificate section.
Google Workspace
Configure a custom SAML app in the Google Admin console. Use the SSO URL and download the IDP certificate.
OneLogin
Create a SAML application in OneLogin and configure the ACS URL. Download the X.509 certificate from the SSO tab.
Security Considerations
Certificate Management: SAML certificates have expiration dates. Monitor your certificate expiration and update it in Rootly before it expires to prevent authentication failures.
- X.509 Certificate Validation - All SAML responses are verified using your IdP’s certificate
- Signature Verification - Protects against tampering and man-in-the-middle attacks
- Replay Attack Protection - SAML assertions are validated for freshness
- Audit Logging - All authentication attempts are logged for compliance
- Secure Session Management - Encrypted cookies with automatic expiration
Troubleshooting
“Invalid SAML Response” Error
- Verify your IdP certificate is correctly formatted with BEGIN/END lines
- Check that the certificate hasn’t expired
- Ensure the ACS URL in your IdP matches exactly (including https://)
“Authentication Failed” Error
- Confirm the SSO Service URL is correct
- Check that the SAML application is assigned to the correct users in your IdP
- Verify the Name Identifier Format matches your IdP configuration
Users Cannot Access After Authentication
- Ensure the status page authentication method is set to “SAML”
- Check that your IdP is sending the SAML response to the correct ACS URL
- Verify there are no network/firewall restrictions blocking the SAML flow
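The checks named under Security Considerations and in the troubleshooting steps above (exact ACS URL match, audience, assertion freshness, replay) can be run by hand against a SAMLResponse captured from the browser's POST to the ACS URL. The following is an added example, not Rootly's code: `check_saml_response`, its parameters and the sample response are constructed for illustration, and it does not verify the XML signature, so it is a diagnostic aid only.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values, e.g. 2024-05-01T12:00:00Z
    value = value.rstrip("Z").split(".")[0]
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_saml_response(b64_response, acs_url, entity_id, now, seen_ids,
                        skew=timedelta(minutes=2)):
    """Return the list of problems found in a base64-encoded SAMLResponse."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml)
    problems = []
    if root.get("Destination") != acs_url:  # exact match, scheme included
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion element found"]
    audiences = [(e.text or "").strip() for e in assertion.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Entity ID missing from Audience list {audiences}")
    cond = assertion.find("a:Conditions", NS)
    not_before = cond.get("NotBefore") if cond is not None else None
    not_after = cond.get("NotOnOrAfter") if cond is not None else None
    if not_before and now + skew < _ts(not_before):
        problems.append("assertion not valid yet (clock skew?)")
    if not_after is None or now - skew >= _ts(not_after):
        problems.append("assertion expired or carries no NotOnOrAfter")
    if assertion.get("ID") in seen_ids:
        problems.append("assertion ID already seen (replay)")
    seen_ids.add(assertion.get("ID"))
    return problems

# Constructed sample, not captured from a real IdP: Destination uses http://.
SAMPLE = base64.b64encode(
    b'<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" '
    b'Destination="http://status.company.com/saml/consume">'
    b'<s:Assertion ID="_a1"><s:Conditions NotBefore="2024-05-01T11:59:00Z" '
    b'NotOnOrAfter="2024-05-01T12:05:00Z"><s:AudienceRestriction>'
    b'<s:Audience>https://status.company.com/saml/metadata</s:Audience>'
    b'</s:AudienceRestriction></s:Conditions></s:Assertion></p:Response>')
```

Checked against the example ACS URL and Entity ID from Step 2 at 12:00 UTC on 2024-05-01, the sample yields a single finding: the Destination mismatch caused by `http://` where the ACS URL uses `https://`.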
Certificate Expiration
If your SAML certificate expires:
- Download the new certificate from your IdP
- Navigate to your status page Authentication settings
- Update the IdP Certificate field with the new certificate
- Save the changes
Set a calendar reminder 30 days before your certificate expiration date to ensure uninterrupted access.
Switching Authentication Methods
You can change authentication methods at any time:
- Navigate to your status page settings
- Go to the Authentication tab
- Select a different authentication method
- Configure any required fields
- Save your changes
Changing from SAML or Password to “No Authentication” will make your status page publicly accessible immediately.
API Configuration
Authentication methods can also be configured via the Rootly API:
Related Resources
Public and Private Status Pages
Learn about the differences between public and private status pages
Status Page Overview
Get started with creating and managing status pages