See https://support.admithub.com/hc/en-us/articles/4418658580365 for an overview of authentication into the Mainstay platform.
SSO via Azure
If your institution uses Azure as an SSO provider, you can set up SAML-based SSO with Mainstay by following these steps. First, though, make sure to ask your Partner Success Manager or the Support Team (email@example.com) for the Mainstay SAML metadata XML, which you will need to upload into Azure.
- In Azure, navigate to Enterprise applications.
- Click New Application and then Create your own application.
- Configure the appearance:
- In Authentication, add a single-page application with redirect URI https://app.mainstay.com/login/.
- At this point, you should be able to upload Mainstay's SAML metadata XML. The configuration should automatically populate.
- In Attributes & Claims, ensure that you are providing Mainstay with emailaddress. This is the Claim we use to match to an existing Mainstay user when they attempt to log in (with their email address). This value should match the email address that is used to invite someone to the Mainstay platform.
- Export the SAML Certificate > Federation Metadata XML. Send this to your Partner Success Manager or the Mainstay Support Team; Mainstay needs to import this on our side to enable SSO.
- The Mainstay team will inform you when everything is configured for your account. Your users will then be able to test logging in.
- When you're ready, we can also disable traditional password authentication for your account to ensure all users are logging in with SSO.