Integrate Sumo Logic with Google Apps (G Suite) IAM Service
Availability
Account Type | Account Level |
---|---|
Cloud Flex | Trial, Enterprise |
Credits | Trial, Essentials, Enterprise Operations, Enterprise Security, Enterprise Suite |
This page has instructions for integrating Sumo Logic SAML with Google Apps IAM. This allows Sumo users to use Google Apps credentials to log into Sumo Logic using Single Sign-On (SSO).
For more information, refer to the Google Support documentation.
Before you start
For key information about SAML in Sumo, see the Limitations section of the "Set Up SAML for Single Sign-On" page.
Configure SSO for a Custom App
- Log into the Google Admin Console.
- Select Apps > SAML Apps.
- Select a new SAML app to be configured, or click the + at the bottom of the page.
- On the Enable SSO for SAML Application page, select Setup my own Custom App at the bottom of the page.
- The Google IdP Information page appears. Make note of the following URLs, as you will supply them when you configure SAML in Sumo:
- SSO URL. You'll enter this URL as the Authn Request URL when you perform the steps in Configure Sumo Logic SAML below.
- Entity ID. You'll enter this URL as the Issuer in Sumo Logic when you perform the steps in Configure Sumo Logic SAML below.
- Click Download for the Certificate.
- Click Next.
- In Basic Information for your Custom App page, enter the following:
- Application Name. Enter Sumo Logic.
- Description. Sumo Logic is the industry's leading, secure cloud-based log monitoring, management and analytics service that leverages big data for real-time IT insights.
- Upload Logo. Use sumologic.png
- Click Next.
Configure Sumo Logic SAML
- In the Sumo web app, go to Administration > Security > SAML.
- Click + Add Configuration to create a new configuration.
- The Add Configuration page appears.
- Configuration Name. Google Apps Auth (or, you can enter any name you like).
- Debug Mode. Not required. Activating this setting now is useful for troubleshooting later. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see View SAML Debug Information.
- Issuer. Enter the Entity ID from the Google IdP Information dialog.
- X.509 Certificate. Open the certificate file that you downloaded from the Google IdP Information dialog in a text editor. Copy and paste the contents into this field.
- Attribute Mapping. Select Use SAML attribute and type the email attribute name in the text box.
- SP Initiated Login Configuration. (Optional) This step has instructions for setting up SP-initiated login. When SP initiated login has been enabled, your SAML configuration will appear as an additional authentication option within your subdomain-enabled account login page.
- Authn Request URL. Enter the SSO URL from the Google IdP Information dialog.
- Disable Requested Authn Context. (Optional)If you check this option, Sumo will not include the RequestedAuthnContext element of the SAML AuthnRequests it sends to your Idp. This option is useful if your IdP does not support the RequestedAuthnContext element.
- Sign Authn Request. (Optional) If you select this option, Sumo will send signed Authn requests to your IdP. When you click this option, a Sumo-provided X-509 certificate is displayed. You can configure your IDP with this certificate, to verify the signature of the Authn requests sent by Sumo.
- Roles Attribute. When you click this option, the Roles Attribute field appears. Enter the SAML Attribute Name that is sent by the IdP as part of the assertion. For details, see Set Up SAML for Single Sign-On.
- On-Demand provisioning. Select this option and specify the following attributes to have Sumo Logic automatically create accounts when a user first logs on. For more information, see Set Up SAML for Single Sign-On.
- First Name Attribute. FirstName
- Last Name Attribute. LastName
- On Demand Provisioning Roles. Specify the Sumo RBAC roles you want to assign when user accounts are provisioned. (The roles must already exist.)
- Logout Page. Select this option and enter a URL if you'd like to point all users to the URL after logging out of Sumo Logic. For more information, see Set Up SAML for Single Sign-On.
- Click Add to save the configuration.
- To view the details of your configuration, select it the Configuration List. The right side of the page displays the Assertion Consumer and Entity ID. You'll need to provide these when you complete the Google SAML configuration.
Complete the Google SAML App Configuration
- Go back to the Google Auth Configuration – Service Provider Details dialog, and enter the following information:
- ACS URL. This is the Assertion Consumer from Sumo Logic
- Entity ID. This is the Entity ID from Sumo Logic
- Name ID. Basic Information – Primary Email
- Name ID Format. EMAIL
- Click Next.
- In the Attribute Mapping dialog, make the following selections:
- FirstName. Select Basic Information and First Name.
- LastName. Select Basic Information and Last Name.
- Email. Select Basic Information and Primary Email.
- Click Finish.
- The Settings for Sumo Logic page is displayed, and you should see the success message Setting up SSO for Sumo Logic. Click OK.
- To enable the Sumo Logic App for everyone, from the menu, select On for everyone.
- After a short delay, the new Sumo Logic SAML App will be displayed in your Google Apps login menu.