Docs » Configure SSO integrations for Splunk Observability Cloud

Configure SSO integrations for Splunk Observability Cloud đź”—

Splunk Observability Cloud provides SSO login service integrations that let your users log in using a third-party identity provider (IdP) that uses SAML SSO. Observability Cloud supports SSO initiated by the IdP.

Observability Cloud also supports SSO initiated by Observability Cloud, and this option lets your users log in to Infrastructure Monitoring using a custom URL you specify.

Observability Cloud supports the following SSO integrations:

Note

Note about realms

A realm is a self-contained deployment of Splunk Observability Cloud in which your organization is hosted. Different realms have different API endpoints. For example, the endpoint for sending data in the us1 realm is https://ingest.us1.signalfx.com, while the endpoint for sending data in the eu0 realm is https://ingest.eu0.signalfx.com.

When you see a placeholder realm name in the documentation, such as <YOUR_REALM>, replace it with your actual realm name. To find your realm name, open the left navigation menu in Observability Cloud, select Settings, and select your username. The realm name appears in the Organizations section. If you don’t include the realm name when specifying an endpoint, Observability Cloud defaults to the us0 realm.

Provide a custom URL for accessing Observability Cloud

A custom URL is required to allow users to log in to Observability Cloud from your organization’s login page. If no custom URL is provided, users can still log in through the identity provider to access Observability Cloud.

When you configure a login service integration and select Show on login page, the login details for the service appear on your organization’s login page. You can have multiple SSO logins.

You can allow users to log in to Observability Cloud using a custom URL that you’ve selected, such as your_org.example.com. To set this up, contact Splunk Observability Cloud support and provide the following:

  • The URL you want to use.

  • The organization for which you want to use the custom url.

  • An organization administrator’s email address.

Name an SSO integration

Give your login service integration a name that your users recognize. On your custom login page, this name appears in the button your users select to sign in. For example, use the name “Log in with Okta” for an Okta login service integration.

Integrate an identity provider with multiple organizations

When you integrate a login service with Observability Cloud, you need to provide information about the integration to the login service. Infrastructure Monitoring gives you an entity identifier (entity ID) that you provide when you configure the login service itself. The service uses the entity ID and other information to connect with Observability Cloud.

For multiple organizations, the login service needs an entity ID and other information for each organization. Observability Cloud can provide you with an integration-specific entity ID for the integration in each organization.

When you configure the login service, you provide the entity ID along with other information for each organization you want to connect using the login service. The steps for integrating with each supported login service include the optional steps for using integration-specific entity IDs.

The Google SSO integration doesn’t support integration-specific entity IDs.

Note

You only need an integration-specific entity ID if you want to use the same IdP for multiple organizations.

General integration-specific entity ID steps

Integrate an identity provider with multiple organizations

To get an integration-specific entity ID for an integration, do the following when you create the integration:

  1. Log in to Splunk Observability Cloud.

  2. In the left navigation menu, select Data Management.

  3. Select Add Integration.

  4. In the integration filter menu, select All.

  5. In the Search field, search for the login service, and select it.

  6. Select the Integration-specific Entity ID option. Next to this option, the entity ID displays in the form of a URI. Copy this URI and provide it when you configure the login service to communicate with Observability Cloud.