Sign up for a free Okta developer account at https://www.okta.com/developer/signup/.

Before you start

Read the "Limitations section" on Set Up SAML for Single Sign-On.

Create an Okta SSO app to connect to Sumo Logic

  1. Sign in to Okta.
  2. Click Admin to go to the Admin panel. 
  3. Go to the Applications tab.
  4. Click Add Application to add an App. 
  5. Click Create New App.
  6. Under App name, enter a name for your Sumo Logic app and click Next.
  7. Create the App with a temporary Single Sign On URL. You will get the real URL later during the Sumo Logic configuration, and come back to change it. The Audience URI (SP Entity ID) value is your own unique identifier. Leave the rest of the options as default.
  8. Click Next.
  9. For App Type select the check box This is an internal application that we created, to avoid publishing to third parties and Okta Verification.
  10. Click Finish.
  11. SSO parameters are now available. Click View Setup Instructions.
  12. Keep this tab open; it has the configuration parameters required for Sumo Logic SAML configuration.

Configure SAML in Sumo Logic

  1. Log into Sumo Logic as an administrator.
  2. Go to Administration > Security > SAML.
    saml-config-list.png
  3. Click the plus (+) icon to create a new configuration.
  4. The Add Configuration page appears.
    saml-config.png
  5. Configuration Name. Type the name of the SSO policy (or another name used internally to describe the policy).
  6. Debug Mode. Select this option if you'd like to view additional details when an error occurs. For more information, see Using SAML Debug Mode.
  7. Issuer. Type the unique URL associated with your organization's SAML IdP. This is the Identity Provider Issuer from Step 12 in the previous section.
  8. X.509 Certificate. Copy and paste your organization's X.509 certificate, which is used to verify signatures in SAML assertions. This is the Certificate, also from Step 12.
  9. Attribute Mapping. Click Use SAML subject.
  10. SP Initiated Login Configuration. Activate the check box.
    1. Copy the unique hash from the Issuer URL and paste it into the Login Path field.
    2. Authn Request URL. Leave this blank.
    3. Disable Requested Authn Context. If you check this option, Sumo will not include the RequestedAuthnContext element of the SAML AuthnRequests it sends to your Idp. This option is useful if your IdP does not support the RequestedAuthnContext element.
  11. (Optional) Sign Authn Request. If you select this option, Sumo will send signed Authn requests to your IdP. When you click this option, a Sumo-provided X-509 certificate is displayed. You can configure your IDP with this certificate, to use to verify the signature of the Authn requests sent by Sumo. 
  12. Roles Attribute.  When you click this option, Roles Attribute field appears. Enter the SAML Attribute Name that is sent by the IdP as part of the assertion. For details, see Set Up SAML for Single Sign-On.
  13. On Demand Provisioning. Select this option to have Sumo Logic automatically create accounts when a user first logs on. For more information, see Set Up SAML for Single Sign-On.
    1. Last Name. Enter lastName.
    2. First Name. Enter firstName.
    3. On Demand Provisioning Roles. Specify the Sumo RBAC roles you want to assign when user accounts are provisioned. (The roles must exist in Sumologic).
  14. Logout Page.Select this option and enter a URL if you'd like to point all users to the URL after logging out of Sumo Logic. For more information, see Set Up SAML for Single Sign-On.
  15. Click Add.
  16. View the summary of the SAML configuration parameters. Leave this dialog open so that you can use these settings in Okta.
    saml-config-details.png

Add Sumo Logic SAML Settings to Okta

  1. Go back to the Okta Admin Panel.
  2. Go to the General tab.
  3. Under SAML Settings, click Edit
  4. Click Next.
  5. Change the Single Sign On URL to the Assertion Consumer value from your Sumo Logic SAML settings.
    • Deselect the check box Use this for Recipient URL and Destination URL.
    • For both Recipient URL and Destination URL, use the Authentication Request value from your Sumo Logic SAML settings.
  6. Click Next and then Finish.

Sumo Logic is now linked with Okta. Just remember to add all Okta users to the Sumo Logic Application in Okta.

Example from Edit SAML Configuration in Okta:

Okta User Attributes.png

Add Okta users to the Sumo Logic App in Okta

  1. In Okta, go to the People tab. 
  2. To create a new user, click Add.
  3. Enter the user’s details, then click Add Person.
  4. Go to the Application tab.
  5. Click the Assign Applications button.
  6. Assign new users to the application.
  7. Activate the new Okta Account via the automated email.
  8. Login to Okta.
  9. Click the application that you created and log into the Sumo Logic App in Okta.