The Storable ID portal enables your organization to log in with a third-party identity provider (IdP), also called a login system. With your IdP, users can access Storable ID using your company’s login credentials, rather than using a Storable ID login. By bringing your own identity into Edge, you’ll save time and streamline your company’s login process with Storable ID.
The IdP login process can be implemented if you are already using Storable ID, or if this is the first time setting up your company account.
This guide explains how to set up your Storable ID login with your IdP, and how to switch your current Storable ID login to your IdP.
Note: The IdP login process is compatible with any OpenID Connect (OIDC) provider. Common OIDC providers include identity services like Google, Microsoft (Azure AD), Okta, AWS Cognito, and Apple. It is not compatible with an IdP that only utilizes Security Assertion Markup Language (SAML) for authentication.
In this article:
Common FAQs for Third-Party Identity Provider Login
Storable ID Admins: Setting Up Login with Your IdP Credentials
Storable ID Existing Users: Adding a Login System
Common FAQs for Third-Party Identity Provider Login
I want to restrict my users' usernames to specific domains. How can I manage that?
Domain restrictions are set both in the Storable Login method and through your provider. However, if your own company login has third-party users (users not in your company directory), those third-party users' domains must be added to the Storable Login Method for the primary account they are associated with before they are allowed to log in.
My IdP rotates its signing keys. Can a reminder be set up to prevent my users from losing access?
No. It is the responsibility of your organization to update the keys in your Login Systems configuration before they expire.
I set up my company login, but I have third-party logins. How do I manage that?
Add those users directly in the Storable Portal. Since their usernames don't match your login system, they will log in with Storable's login system.
I set up Storable Login, but I now want to use my Company Login. How do I do that?
- Before adding your company login, ensure that all employees with usernames under your company’s domain are added to your company directory. If you have users with a Storable ID whose usernames match a validated directory but who are not in your directory, those users will not be able to log in.
- Access the Login Systems tab in Storable Portal Settings to add your identity provider.
I no longer own a domain, but the employees still work for me. How do I remove the domain but keep the employees?
Delete the domain from the login system, then reset each user’s password from the Users page. An alert icon will indicate the users were previously associated with a login system, but require a password reset to continue logging in. See Delete Domain.
If I disable a user in my system, do I need to disable them in the Storable Portal?
Yes. Even though the user’s access is managed through your organization’s identity provider (OIDC) and they can no longer log in once disabled there, their user record still exists in Storable Portal. Deleting the user in Portal ensures:
- Data integrity: Prevents outdated or inactive user records from appearing in user lists, permissions settings, or audit reports.
- Security: Removes any cached permissions or role assignments that could persist after deactivation.
- Clean administration: Maintains consistent and aligned user management across your internal directory and the Storable Portal system.
If I want to add a new user, do I need to add them in the Storable Portal?
Yes. Please refer to our help article: User and Account Management in the Portal.
Storable ID Admins: Setting Up Login with Your IdP Credentials
If you’d like to give your employees the ability to use their company’s login credentials, you must enable Storable ID. First, follow the instructions in our Storable ID Enablement guide, which explains how to establish Storable ID for your organization. After Storable ID is enabled, see our Storable ID User Management guide, which explains how to add users, delete users, and more.
If you have users with a Storable ID login, you can switch their login credentials to your company’s IdP. Follow the steps below to proceed.
Storable ID Existing Users: Adding a Login System
The Storable ID portal enables you to set up a new company login system. When you create a new login system, the portal automatically identifies the users whose usernames match the login system’s validated domains and associates them with that login system. Once users within your login system are associated with a valid domain, they can use your company’s login credentials to access the Storable Portal.
To create a new company login system, follow these steps:
In the Storable ID Portal, click the Login Systems tab. This screen displays your existing login systems and their domain verification status. Click Add Company Login System.
Enter a unique name to reference your identity provider. In your identity provider system (outside of Storable), you’ll need to register Storable as a web app. In the app you configure within your identity provider, add the redirect URI to the allowed callback/redirect URLs. Click Copy Redirect URI to copy this information, and paste it into your identity provider’s app.
Enter your Client ID, Client Secret, and Discovery URL. Click Fetch to retrieve this information.
If you don’t have a Discovery URL, click I don’t have a Discovery URL and enter the information for Issuer, Authorization URL, Token URL, JWKS URL, and User Info URL.
If your company’s login system doesn’t provide Multi-Factor Authentication (MFA) and you’d like to add it, check the box next to Enable Multi-Factor Authentication.
Once your information is entered, check the disclaimer box and click Save Identity Provider Configuration.
Once you’ve established your provider, you’ll then add your domain(s) that require authentication with your provider.
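The Discovery URL and the five manual fields described above carry the same information. The added example below (not Storable's code) maps an OIDC discovery document to those form fields and rejects a document whose issuer does not match the URL it was served from or whose endpoints are not HTTPS; the function names, the idp.example.com URLs and the sample document are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Label on the Login Systems form -> key in the OIDC discovery document
FIELD_MAP = {
    "Issuer": "issuer",
    "Authorization URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "JWKS URL": "jwks_uri",
    "User Info URL": "userinfo_endpoint",
}

def fetch_discovery(discovery_url):
    """Download the discovery document, refusing anything but HTTPS."""
    if urlsplit(discovery_url).scheme != "https":
        raise ValueError("discovery URL must use https")
    with urllib.request.urlopen(discovery_url, timeout=10) as resp:
        return json.load(resp)

def login_system_fields(discovery_url, doc):
    """Map a discovery document to the manual-entry fields, rejecting bad values."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("discovery URL must end with " + WELL_KNOWN)
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    fields = {}
    for label, key in FIELD_MAP.items():
        value = doc.get(key)
        parts = urlsplit(str(value or ""))
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{key} is missing or not an https URL")
        fields[label] = value
    # The issuer must be the URL the document was served under (OIDC Discovery 4.3)
    if fields["Issuer"].rstrip("/") != expected_issuer.rstrip("/"):
        raise ValueError("issuer does not match the discovery URL")
    return fields

# Constructed sample document for a hypothetical IdP at idp.example.com
SAMPLE_URL = "https://idp.example.com/tenant1" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant1",
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "userinfo_endpoint": "https://idp.example.com/tenant1/userinfo",
}
```

Against a real provider, pass the result of `fetch_discovery(url)` as `doc` and compare the returned values with what the portal shows after you click Fetch.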
How to Add a Domain
Click the Login Systems tab to review your current login systems. Any recently configured login system will display a DNS Record Pending Verification tag in yellow. Click Edit in the Actions column to proceed.
Note: When first adding a domain, you will not see the DNS Record Pending Verification message for that domain. This message applies only after a domain has been added and is not yet validated.
Scroll down to the Domain Association and Verification section. Enter your domain name and click Generate DNS TXT Record.
Note: If you already have a domain and would like to add another one to your login system, click Add Another Domain.
Enter your domain name and click Generate DNS TXT Record.
In the Domain Association and Verification section, copy the Hostname and Value, and enter this information into your domain provider. Click Verify DNS Text Record. The system checks your domain’s DNS to ensure the record is present and matches the expected value. Once verified, the company login is activated for that domain.
If you added the DNS text record, you may see a DNS Record Verification Failed message. Most likely, the verification hasn’t processed yet. Return to the Domain Association and Verification section at any time to check on the status. Most domain verifications take a few minutes, but can take up to 48 hours.
Once the domain is verified, users associated with the domain will appear in the Users tab with the new login system’s domain name, and their Status is designated N/A. This means the user is sourced from a non-Storable login system, and Storable cannot access the user’s status.
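When DNS Record Verification Failed appears, it helps to know whether the record is not visible yet or is published with the wrong value. The added example below (not part of the Storable Portal) classifies the output of `dig +short TXT` for the Hostname against the Value copied from the portal; the function names are hypothetical, and the hostname and value you pass in are whatever the portal generated.

```python
import shlex
import subprocess


def txt_values(dig_short_output):
    """Parse `dig +short TXT` output into one string per record.

    A TXT record may be split into several quoted chunks of up to 255 bytes;
    the chunks are concatenated with no separator to form the record value.
    """
    values = []
    for line in dig_short_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig comment lines
        values.append("".join(shlex.split(line)))
    return values


def check_verification_record(dig_short_output, expected_value):
    """Return 'match', 'missing' or 'mismatch' for the expected TXT value."""
    values = txt_values(dig_short_output)
    if expected_value in values:
        return "match"
    if not values:
        return "missing"   # nothing visible yet, or the record is on the wrong hostname
    return "mismatch"      # records exist, but none equals the expected value exactly


def query_txt(hostname, resolver="1.1.1.1"):
    """Ask a public resolver directly, bypassing local caches (requires `dig`)."""
    result = subprocess.run(
        ["dig", "+short", "TXT", hostname, "@" + resolver],
        capture_output=True, text=True, timeout=10, check=True)
    return result.stdout
```

A "missing" result usually means waiting for propagation or checking the hostname; "mismatch" points to a copy error such as stray whitespace or a truncated value in the DNS provider's form.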
How to Delete a Login System
Note: You cannot delete a login system or domain when it is the last remaining domain on a login system, or if you’re currently logged in with your company’s login system. To do this, you can create a separate user under another domain (using the Storable ID login system), and give that user the permission to manage login systems. You can then delete the login system with that user.
Note: When you delete a login system, users who rely on SSO will no longer be able to log in or authenticate. For that reason, we have implemented the following controls to prevent these risks:
- Only users with the Portal permission Alter Authentication Settings can delete a login system.
- Users deleting a login system cannot have a username that matches the verified domains for that login system.
- There must be at least one primary account user with the Portal permission Can Manage Users, and this user must be unassociated with the login system’s verified domains.
Click the Login Systems tab. Identify the login system you’d like to delete and click the Delete button (next to the Edit button).
Enter the name of your Login System and click Delete Login System to confirm.
How to Delete a Domain
Click the Login Systems tab. Identify the login system which has the domain you’d like to delete and click Edit.
Scroll down to the Domain Association and Verification section and click the delete icon on the right side of the screen.
Enter your domain name and click Delete Domain to confirm.