Skip to main content
Sumo Logic

Integrate Sumo with AWS Single Sign-On

Learn how to configure  AWS Single Sign-On for Sumo Logic.

 enterprise.png

This page has instructions for configuring AWS Single Sign-On with Sumo Logic. The steps require a Sumo Logic Enterprise subscription. 

Step 1: Create a AWS Single Sign-On Application 

  1. Open the AWS Management Console.
  2. Go to the AWS Single Sign-on Service.
  3. Select Applications from the left navigation.
  4. Click Add a New Application
  5. Search the AWS SSO Application Catalog for "Sumo Logic".

    add-new-application.png
     
  6. Click on the matching Sumo Logic application.
  7. Click the Add application button.
  8. The Configure Sumo Logic page appears. 

    configure-sumologic.png
  9. Click Download Certificate in the AWS SSO Metadata section of the page. You'll need the certificate later in this procedure. Keep the AWS configuration page open for now, as you'll need to access it to complete the AWS Single Sign-on configuration. 

Step 2: Configure SAML in Sumo Logic

This section has instructions for configuring basic SAML in Sumo Logic.

  1. Open a new browser window and login to your Sumo Logic account. 
  2. Go to Administration > Security > SAML.
  3. Click Add Configuration.

    sumo-saml-config-list.png    
  4. The Add Configuration page appears.

    sumo-saml-config.png
     
  5. Configuration Name. Enter a name for the configuration, for example “AWS Single Sign-On”.
  6. Debug Mode. Select this option if you'd like to view additional details if an error occurs when a user attempts to authenticate. For more information, see View SAML Debug Information.
  7. Issuer. Paste in the AWS SSO Issuer URL from the AWS SSO Metadata section of your AWS SSO configuration. 
  8. X.509 Certificate. Open the certificate file you downloaded from AWS in a text editor. Copy all text from the file and paste it in here.  
  9. Attribute mapping. Select Use SAML Subject.
  10. On-demand provisioning. (Optional) If you configure this feature, Sumo Logic will create a new user’s account the first time the user accesses Sumo Logic using AWS Single Sign-on. To configure on-demand provisioning, you supply the First Name and Last Name attributes that AWS Single Sign-on uses to identify users, and the Sumo roles you want to assign to the accounts created.
    1. Click the On Demand Provisioning checkbox.

      on-demand-provisioning.png
       
    2. First Name. Enter: 
      FirstName 
    3. Last Name. Enter:
      LastName 
    4. On Demand Provisioning Roles. Specify the Sumo RBAC roles you want to assign when user accounts are first provisioned. (The roles must already exist in Sumo.) If you enter multiple roles, separate them with commas. For example:
      Analyst, CollectorManager
  11. Click Save
  12. To view the details of your configuration, select it the Configuration List.

    sumo-config-list.png
     
  13. Keep the panel open. When you complete the AWS Single Sign-on configuration below, you will copy the Assertion Consumer value into AWS Single Sign-on.
    assertion-consumer.png

Step 3: Complete SAML configuration in AWS Single Sign-on.

  1. Return to the Configure Sumo Logic page in AWS Single Sign-on.
  2. Paste the Assertion Consumer value from Sumo Logic into the Application ACS URL field in the Application Metadata section of the page. 

    application-metadata.png
  3. Click Save Changes
  4. On the Assigned Users tab of your new AWS SSO configuration, click Assign users

    assign-users.png
     
  5. Select the individual users or groups that you want to allow to sign into Sumo Logic using AWS SSO. If you have not previously configured AWS Single Sign on you may need to first add your users and groups, as described in AWS help:
    1. Add Users
    2. Add Groups
    3. Add Users to Groups
  6. Click Assign Users to complete the addition of your users to the configuration.

This completes the setup for AWS Single Sign-On to Sumo Logic. Your users should now be able to login to Sumo Logic from your AWS SAML Application page by clicking the SumoLogic tile.