Configure an Okta SSO integration 🔗
The Okta SSO integration lets you log into Observability Cloud using Okta.
Before you begin to configure the Okta SSO integration, ensure you have completed the steps in Configure SSO integrations for Splunk Observability Cloud, including the section Name an SSO integration to learn about naming your integrations.
Caution
To follow this procedure, you must be an administrator of your Okta organization and an administrator of your Observability Cloud organization.
Open a browser tab or window for Observability Cloud, and another for Okta.
- Switch to Okta, then follow these steps to add Observability Cloud as an Okta application:
Select Admin, then select Applications
Select Add Application.
In the directory that appears, find for SignalFx, then add it by selecting Add.
- Switch to Observability Cloud:
Log in to Splunk Observability Cloud.
Open the Okta guided setup. Optionally, you can navigate to the guided setup on your own:
In the left navigation menu, select .
Select Add Integration.
In the integration filter menu, select All.
In the Search field, search for Okta, and select it.
In the Name text box, enter the name of your integration.
Copy the Integration ID value. Even if you have multiple organizations that you want to integrate with Okta SSO, leave Integration-specific Entity ID deselected. The Observability Cloud Okta integration provides this automatically for multiple organizations.
- Switch back to Okta:
Paste the integration ID value into the Integration ID text box, then select Next.
Assign the SignalFx application to users in your Okta organization, then select Next.
Select Sign on, then select View Setup instructions.
Copy the following strings from the instructions, and paste them into a text editor: * Public Key * Issuer URL * Metadata URL
Note
URLs must belong to Okta in order to validate. Accepted domains are okta.com, oktapreview.com, and okta-emea.com.
- Switch to Observability Cloud to finish:
Copy and paste the Okta Public Key value into the Public Key text box.
Copy and paste the Okta Issuer URL value into the Issuer URL text box.
Copy and paste the Okta Metadata URL value into the Metadata URL text box.
Select Save. The message Validated! appears.
Note
If you get an error, check the values that you copied and pasted.
The Okta SSO integration is now available to users in your Okta organization. When users log in to Observability Cloud from Okta for the first time, they receive an email containing a link that they must open in order to authenticate. This only occurs the first time the user signs in. Subsequent login attempts don’t require validation.
If you want to turn off email authentication, contact Splunk Observability Cloud support.
Once you have a custom URL configured, your users can continue to log in using their existing username/password pair, or they can use their Okta credentials instead. Okta SSO authentication and Observability Cloud username/password authentication are independent.
Observability Cloud generates a password for users you create in Okta SSO. If the Okta login portal is unavailable, Observability Cloud users can use the reset password link on the Observability Cloud login page to get native Observability Cloud credentials.
Report an issue 🔗
Before you create an issue or open a support request, try gathering the following information:
What happened and the impact of the issue.
All the steps you’ve followed until the issue appeared.
What was the expected outcome.
Your attempts to solve the issue, including workarounds.
The operating system, runtime or compiler version, libraries, frameworks, and application servers of your environment, including your instrumentation settings.
Debug logs and other logs that might help troubleshoot the issue.
To get help, see Splunk Observability Cloud support.