Sign up for a free Okta developer account at https://www.okta.com/developer/signup/.
Before you start
Read the Limitations section of Set Up SAML for Single Sign-On.
Create an Okta SSO app to connect to Sumo Logic
- Sign in to Okta.
- Click Admin to go to the Admin panel.
- Go to the Applications tab.
- Click Add Application to add an App.
- Click Create New App.
- Under App name, enter a name for your Sumo Logic app and click Next.
- Create the App with a temporary Single Sign On URL. You will get the real URL later during the Sumo Logic configuration, and come back to change it. The Audience URI (SP Entity ID) value is your own unique identifier. Leave the rest of the options as default.
- Click Next.
- For App Type, select the check box This is an internal application that we created. This avoids publishing the app to third parties and the Okta verification process.
- Click Finish.
- SSO parameters are now available. Click View Setup Instructions.
- Keep this tab open; it has the configuration parameters required for Sumo Logic SAML configuration.
Configure SAML in Sumo Logic
- Log into Sumo Logic as an administrator.
- Go to Administration > Security > SAML.
- Click Configure, and configure the SAML settings.
- Configuration Name. Type the name of the SSO policy (or another name used internally to describe the policy).
- Debug Mode. Select this option if you'd like to view additional details when an error occurs. For more information, see Using SAML Debug Mode.
- Issuer. Type the unique URL associated with your organization's SAML IdP. This is the Identity Provider Issuer from Step 12 in the previous section.
- Authn Request URL. Leave this blank.
- X.509 Certificate. Copy and paste your organization's X.509 certificate, which is used to verify signatures in SAML assertions. This is the Certificate, also from Step 12.
- SP Initiated Login Configuration. Activate the check box. Then copy the unique hash from the Issuer URL and paste it into the Login Path field.
- Attribute Mapping. Depending on your IdP, select:
  - Use SAML subject, or
  - Use SAML Attribute and then type the email attribute name in the text box.
- Roles Attribute. When you select this option, the Roles Attribute field appears. Enter the SAML attribute name that the IdP sends as part of the assertion. For details, see Set Up Optional SAML features.
- On Demand Provisioning. Select this option to have Sumo Logic automatically create accounts when a user first logs on. For more information, see Set Up Optional SAML features.
  - First Name
  - Last Name
- On Demand Provisioning Roles. Add a role for all Okta users, such as Administrator.
- Logout Page. Select this option and enter a URL if you'd like to point all users to that URL after they log out of Sumo Logic. For more information, see Set Up Optional SAML features.
- Click Add.
- View the summary of the SAML configuration parameters. Leave this dialog open so that you can use these settings in Okta.
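To see which parts of an Okta SAML response the Issuer, Attribute Mapping and Roles Attribute fields above refer to, here is an added example (not code from Sumo Logic or Okta) that parses a constructed response and checks its Issuer, Destination and Recipient against the values you configured. The attribute names "email" and "SumoRoles" and every URL are placeholders chosen for the sample.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; every URL, id and attribute name is a placeholder.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://sp.example.com/saml/AuthnRequest/PLACEHOLDER">
  <saml:Issuer>http://www.okta.com/PLACEHOLDER-ISSUER-ID</saml:Issuer>
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData
          Recipient="https://sp.example.com/saml/AuthnRequest/PLACEHOLDER"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="SumoRoles">
        <saml:AttributeValue>Administrator</saml:AttributeValue>
        <saml:AttributeValue>Analyst</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def inspect_response(xml_text, expected_issuer, expected_recipient,
                     email_attr="email", roles_attr="SumoRoles"):
    """Extract the values the SAML form maps to and compare Issuer, Destination
    and Recipient with the configured values. Signature verification against the
    pasted X.509 certificate is the SP's job and is not reimplemented here."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    # Multi-valued attributes (the roles attribute) come back as a list of values.
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    return {
        "issuer_ok": issuer == expected_issuer,
        "destination_ok": root.get("Destination") == expected_recipient,
        "recipient_ok": conf is not None and conf.get("Recipient") == expected_recipient,
        "subject": root.findtext(".//saml:NameID", namespaces=NS),   # "Use SAML subject"
        "email": (attrs.get(email_attr) or [None])[0],               # "Use SAML Attribute"
        "roles": attrs.get(roles_attr, []),                          # "Roles Attribute"
    }
```

A mismatch in issuer_ok or recipient_ok is the first thing to look for when Debug Mode reports a rejected assertion after the Okta Recipient/Destination URLs are changed.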
Add Sumo Logic SAML Settings to Okta
- Go back to the Okta Admin Panel.
- Go to the General tab.
- Under SAML Settings, click Edit.
- Click Next.
- Change the Single Sign On URL to the Assertion Consumer value from your Sumo Logic SAML settings.
- Deselect the check box Use this for Recipient URL and Destination URL.
- For both Recipient URL and Destination URL, use the Authentication Request value from your Sumo Logic SAML settings.
- Click Next and then Finish.
Sumo Logic is now linked with Okta. Just remember to add all Okta users to the Sumo Logic Application in Okta.
Example from Edit SAML Configuration in Okta:
Add Okta users to the Sumo Logic App in Okta
- In Okta, go to the People tab.
- To create a new user, click Add.
- Enter the user’s details, then click Add Person.
- Go to the Applications tab.
- Click the Assign Applications button.
- Assign new users to the application.
- Activate the new Okta Account via the automated email.
- Log in to Okta.
- Click the application that you created and log into the Sumo Logic App in Okta.