Docs » Authentication and Security » About SSO integrations for Splunk Observability Cloud » Configure a OneLogin SSO integration

Configure a OneLogin SSO integration 🔗

The OneLogin SSO integration lets your users log in to Observability Cloud using OneLogin.

Before you begin configuring the OneLogin SSO integration, ensure you have completed the steps in Configure SSO integrations for Splunk Observability Cloud, including the section Name an SSO integration to learn about naming your integrations.

Note

To use this procedure, you must be an administrator of your OneLogin organization and your Observability Cloud organization.

Open a browser tab or window for Observability Cloud, and another for OneLogin.

In OneLogin, do the following:
  1. Select Security > Certificates > New.

  2. Configure the certificate according to your organization security policy.

  3. Make sure to pick SHA256 or better for the algorithm in the Signature field.

  4. Copy the value of the X.509 certificate text box and and save it in a text editor so you can use it in the next steps.

  5. Add Observability Cloud by selecting Apps > Add Apps > SignalFx.

  6. In the dialog box, make any changes you want, then click Save.

  7. Select SSO to open the SSO configuration page.

  8. Select SHA-256 in the SAML Signature Algorithm box.

  9. Copy the value of the Issuer URL text box and save it in a text editor so you can use it in the next steps.

Back in Observability Cloud:
  1. Log in to Splunk Observability Cloud.

  2. Open the OneLogin guided setup . Optionally, you can navigate to the guided setup on your own:

    1. In the left navigation menu, select Data Management.

    2. Select Add Integration.

    3. In the integration filter menu, select All.

    4. In the Search field, search for OneLogin, and select it.

  3. In the Name text box, enter the name for your integration.

  4. Copy the Integration ID value.

Switch to OneLogin:
  1. Go to the Configuration tab, then paste the integration ID into the SignalFx ID text box.

  2. In the SignalFx subdomain, enter api.<YOUR_REALM>

In Observability Cloud:
  1. Copy the value of X.509 certificate from the text editor and paste it into the Public Key text box.

  2. Copy the value of Issuer URL from the text editor and paste it into the Issuer URL text box.

  3. Select Save. The message Validated! appears. If you get an error, check the values that you copied and pasted.

The OneLogin SSO integration is now available to users in your OneLogin App portal. When users use the integration for the first time, they receive an email containing a link that they must open in order to authenticate. This only occurs the first time the user signs in. Subsequent login attempts don’t require validation.

If you want to turn off email authentication, contact Splunk Observability Cloud support.

Once you have a custom URL configured, your users can continue to log in using their existing username/password pair, or they can use their OneLogin SSO credentials instead. OneLogin SSO authentication and Observability Cloud username/password authentication are independent.

Observability Cloud generates a password for users you create in OneLogin SSO. If the OneLogin portal is unavailable, Observability Cloud users can use the reset password link on the Observability Cloud login page to get native Observability Cloud credentials.

If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.

Available to Splunk Observability Cloud customers

Available to prospective customers and free trial users

  • Ask a question and get answers through community support at Splunk Answers .

  • Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.

To learn about even more support options, see Splunk Customer Success .