Integrate Sumo Logic with Okta
Availability
Account Type | Account Level |
---|---|
Cloud Flex | Trial, Enterprise |
Credits | Trial, Essentials, Enterprise Operations, Enterprise Security, Enterprise Suite |
Okta is a cloud-based identity management provider that can be integrated with Sumo Logic’s SAML 2.0 API to allow users to log into Sumo Logic using their Single Sign-On (SSO) credentials.
Before you start
- Read the "Limitations" section of Set Up SAML for Single Sign-On.
- If you plan to manage Sumo role assignments on Okta, before you proceed, make sure that you have:
  - Configured an Okta group for each Sumo role, with the same name as the Sumo role. For example, you should have an “Administrator” group in Okta, just as you have an “Administrator” role in Sumo.
  - Assigned your Sumo users to the appropriate Okta groups, based on the Sumo roles you want to assign to each user.
Install the Sumo Logic SAML App in Okta
- Open the Okta Administration pages.
- In the left-nav, select Applications > Applications.
- Click the Browse App Catalog button.
- Enter "Sumo Logic" in the search bar, and select the Sumo Logic SAML, SWA integration.
- On the Sumo Logic app overview page, select Add.
- On the General Settings tab:
  - App label. Enter a name for the Sumo Logic integration app.
  - Application Visibility. Use these options if you don’t want the Sumo Logic integration app to appear to users in the Okta portal or mobile app.
- Click Next.
- On the Sign-on Options tab, select View Setup Instructions.
- Follow the instructions on the View Setup Instructions page to configure the Sumo Logic SAML integration. The information that appears is similar to the content of the How to Configure SAML 2.0 for Sumo Logic in Okta help.
Configure Okta to send role assignments to Sumo (Optional)
In this step, you configure Okta to send group membership information in the SAML assertions it sends, so that Sumo Logic can assign roles to a user at each logon. This allows you to manage Sumo role assignments via Okta. If you don’t want to manage Sumo roles via Okta, skip these steps and proceed to Add Okta users to the Sumo Logic app in Okta below.
These instructions assume that:
- You have configured a set of groups on Okta whose names match the names of the roles defined in Sumo.
- You have assigned each user in Okta to the Okta groups that map to the roles you want the user to have.
There are two sides to the configuration. You'll configure a Group Attribute Statement in Okta and a Roles Attribute in Sumo Logic, each with the same value.
- Select the Sign-On tab of your Sumo Logic application in Okta.
- Click Edit in the Settings.
- Click the arrow icon to the left of Attributes (Optional) to expand the attributes form.
- In the Group Attribute Statements section, enter a name for the attribute that will contain your Okta groups, for example, "roles". Note that the name you supply is also used when configuring the Roles Attribute in your Sumo Logic SAML configuration.
  - Name Format. Leave unspecified.
  - Filter. In the left-side field, choose an option from the pulldown to select the type of match expression you are going to enter:
    - Starts with. Useful if the names of the Okta groups with Sumo users all begin with the same string.
    - Equals. Useful if there is a single Okta group for Sumo users.
    - Contains. Useful if the names of the Okta groups with Sumo users all contain the same string.
    - Matches regex. Use this option if you can’t specify your groups using any of the other filter types. For example, the regex Foo|A.* will match the Okta group “Foo” and groups whose names begin with the letter “A”.
- Click Save at the bottom of the Create SAML Integration page.
- Go to Administration > Security > SAML in Sumo Logic.
- Click your Okta configuration in the Configuration List and then click the edit icon in the details pane.
- Select the Roles Attribute checkbox and enter the name of the attribute you created in the Group Attribute Statements section above.
- Save the configuration.
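The following Python example, added here and not taken from Sumo Logic's or Okta's documentation, models the four filter types above to show which of a user's Okta groups a filter would send in the attribute and which of those equal a Sumo role name. The group names, role names and function names are constructed for illustration; it assumes whole-name regex matching, as the Foo|A.* example implies, and exact, case-sensitive name comparison.

```python
import re

# Filter types from the Okta Group Attribute Statements form described above.
# Assumption: "Matches regex" must match the whole group name, which is what
# the page's Foo|A.* example implies; Okta's regex dialect may differ from
# Python's in edge cases.
FILTERS = {
    "Starts with": lambda name, value: name.startswith(value),
    "Equals": lambda name, value: name == value,
    "Contains": lambda name, value: value in name,
    "Matches regex": lambda name, value: re.fullmatch(value, name) is not None,
}


def groups_sent(user_groups, filter_type, filter_value):
    """Return the user's Okta groups that the filter would place in the attribute."""
    match = FILTERS[filter_type]
    return [g for g in user_groups if match(g, filter_value)]


def review_filter(user_groups, sumo_roles, filter_type, filter_value):
    """Split a user's groups by what the filter sends and what equals a role name.

    granted:   sent groups whose name equals a Sumo role name
    unmatched: sent groups with no Sumo role of that name
    withheld:  groups named like a Sumo role that the filter does not send
    """
    sent = groups_sent(user_groups, filter_type, filter_value)
    roles = set(sumo_roles)  # assumption: exact, case-sensitive name comparison
    return {
        "granted": [g for g in sent if g in roles],
        "unmatched": [g for g in sent if g not in roles],
        "withheld": [g for g in user_groups if g in roles and g not in sent],
    }


# Constructed sample data: role and group names are illustrative only.
SUMO_ROLES = ["Administrator", "Analyst", "Foo"]
USER_GROUPS = ["Administrator", "AllEmployees", "Analyst", "Foo", "Finance"]

if __name__ == "__main__":
    for ftype, fvalue in [("Matches regex", "Foo|A.*"), ("Equals", "Analyst")]:
        print(ftype, repr(fvalue), review_filter(USER_GROUPS, SUMO_ROLES, ftype, fvalue))
```

A non-empty "unmatched" list means the filter is broader than the set of Sumo roles, and a non-empty "withheld" list means a role-named group will not reach Sumo Logic through this attribute.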
Add Okta users to the Sumo Logic app in Okta
- In Okta, go to the Assignments tab for your Sumo Logic app.
- Click the Assign button and select either assign to people or assign to groups.
- Select the Assign link next to the users or groups you want to have access to Sumo Logic.
- Once all users or groups have been assigned, click Done.
The Sumo Logic app you configured should now appear on the users' Okta dashboard. To check that the integration works, have the user click the app icon, and verify that they are logged onto Sumo Logic.
Lock down SAML
If you want to force users to access Sumo Logic using SAML, as opposed to also being able to log in with a username and password, follow the instructions in this section.