Okta

How to Configure SAML 2.0 for Sumo Logic

Contents


Supported Features

The Okta/Sumo Logic SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Sign in to your Sumo Logic instance as an administrator.

  2. Go to Administration > Security > SAML, then click + Add Configuration.

  3. Enter the following:

    • Configuration Name: Enter a configuration name. For example, Okta.

    • Issuer: Copy and paste the following:

      Sign in to the Okta admin app to have this variable generated for you.

    • X.509 Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Attribute Mapping: Select Use SAML Subject.

    • SP Initiated Login Configuration: Check this box.

      • Authn Request URL: Copy and paste the following:

        Sign into the Okta Admin Dashboard to generate this variable.

      • Select Binding Type: Select POST.

    • On Demand provisioning: Check this box to support JIT (Just In Time) Provisioning.

      • First Name: Enter firstName

      • Last Name: Enter lastName

      • On Demand Provisioning Roles: Specify the Sumo Logic RBAC roles you want to assign when user accounts are provisioned. (The roles must exist in Sumo Logic). For example, Administrator.

    • Click Add:

    Enter SAML Config values in Sumo Enter SAML Config values in Sumo
  4. Still in Sumo Logic, select the configuration you just created.

    • Make a note of your Authentication Request, Assertion Consumer, and Entity ID values.

    • Require SAML Sign In: Turn this on if you need to disable username/password login for your users.

    • Allow these users to sign in using passwords in addition to SAML: Add users who you want to allow to sign in using passwords in addition to SAML.

    Copy your Authentication Request, Assertion Consumer, and Entity ID values
  5. In Okta, select the Sign On tab for the Sumo Logic SAML app, then click Edit.

    • Enter the Assertion Consumer and Entity ID values from step 4 into the corresponding fields.

    • Click Save.

  6. Done!


Notes

The following SAML attributes are supported:

SP-initiated SSO

Go to the Authentication Request URL (step 4).