• I am unable to sign in as admin/password. What do I do?
    The super admin sign in page is at https://<instancedns>/admin. All other users, including created admin users, will sign in at https://<instancedns>/login.

  • I am unable to access https://<instancedns>/. What's wrong?
    When the instance is first launched, various initialization scripts are executed. You will be able to access your instance via https://<instancedns>/ in a couple minutes.

  • I am running the instance in a VPC and cannot access the instance. How can I access it?
    Please ensure that your VPC settings are configured so that you can access the Elastic SSO via port 80 and 443.

  • I forgot my super admin username and/or password. How do I reset it?
    The only way to reset the super admin credentials is via command line. Please follow the instructions here.

  • How do I use an external database instead of the one local to the instance?
    Please read the section External Database section in this page.

  • I am seeing a 500 error on the Dashboard after initializing the database. What’s wrong?
    You are most likely using an external database such as RDS. Ensure that you are using MySQL v5.5.x with InnoDB support enabled. Also, read the External Database section in this page.

  • I don’t want to go through AWS Marketplace to start my Elastic SSO instance. Are there any other options?
    An alternate way is to purchase the Elastic SSO instance directly through 9STAR whereby 9STAR provides the AWS hosting environment. 9STAR can also provide managed support for the instance if needed OR you can manage the instance yourself remotely via your web browser. Please contact sales@9starinc.com to purchase Elastic SSO directly from 9STAR.

  • Does 9STAR provide premium technical support for my AWS hosted Elastic SSO?
    Yes. Premium Technical Support options for Elastic SSO are available. Please do not hesitate to contact sales@9starinc.com for additional information or help.

  • How do I integrate with Google Apps?
    Please follow the instructions provided here.

  • How do I integrate with Salesforce?
    Please follow the instructions provided here.

  • How do I release multi-valued attributes to a service provider?
    This can be achieved either by using the User Group feature or Custom User Fields.  Once they are configured, you can simply select them to be released via the Service Provider/Federation Attribute Mapping section.

  • Is it possible to load balance Elastic SSO?
    You can load balance the instances using AWS ELB (Elastic Load Balancer). You will need to set configure the load balancer for session affinity.

  • How do i migrate from one Elastic SSO Team instance to another?
    The best way to migrate an ESSO Team instance is to dump the database to a file and import it into the new instance. You should only terminate the instance once you are completely done with the migration. Here is a general outline of the steps:

    1. SSH into the current instance.
    2. Use mysqldump to dump the database into a file: mysqldump -u root -p elasticsso > /tmp/elasticsso.sql.
    3. Copy the file to the new instance. You can use the scp command for this.
    4. Import the file to the new instance: mysql -u root -p elasticsso < elasticsso.sql.

There are a few things that you should keep in mind:

  • If you plan to use a different public DNS value for the new instance, be sure to update the Identity Provider hostname value. Changing the hostname value will require that your service providers update their copy of the ESSO IDP metadata. This is because changing the hostname value will change the IDP SAML endpoint values.
  • If you are using a CA-signed SSL certificate under Webserver Settings, be sure to copy the private key, intermediate certs, and certificate over to the new instance.
  • If you have configured ESSO to be a part of an identity federation, you will want to trigger a metadata update manually one time.