Configure a PingOne SSO integration đź”—
The PingOne SSO integration allows you to log into Observability Cloud using PingOne.
Before you begin configuring the OneLogin SSO integration, ensure you have completed the steps in Configure SSO integrations for Splunk Observability Cloud, including the section Name an SSO integration to learn about naming your integrations.
Note
To use this procedure, you must be an administrator of your PingOne organization and your Observability Cloud organization.
To set up your PingOne SSO integration, follow these steps:
Open a browser tab or window for Observability Cloud, and another for PingOne.
- In Observability Cloud, do the following:
Log in to Splunk Observability Cloud.
Open the PingOne guided setup. Optionally, you can navigate to the guided setup on your own:
In the left navigation menu, select .
Select Add Integration.
In the integration filter menu, select All.
In the Search field, search for PingOne, and select it.
In the Name text box, enter a name for your PingOne SSO integration.
Copy the value next to Integration ID so you can use it in a later step.
- In PingOne, do the following:
Select Applications. A list of your installed applications appears.
Select Add Application, and then select .
In the search field, enter SignalFx. Select the SignalFx application.
If the Setup is active, select it. A setup screen appears.
- If the Setup button is inactive, and you see the tooltip “You need to setup a connection first”, then you might need to connect to an Identity Repository. To connect to an Identity Repository:
At the top of the PingOne page, select Setup.
Select Connect to an Identity Repository.
Select the Identity Repository you want to use, select Next twice, then select Finished.
Select SignalFx, then select Setup.
Optional: Copy the configuration parameters to keep as a reference.
Select Continue to Next Step.
- Still in PingOne, continue the configuration:
In the ACS URL field, a URL similar to
https://api.signalfx.com/v1/saml/acs/<INTEGRATION_ID>appears.Replace
<INTEGRATION_ID>with the integration ID you copied in a previous step.Confirm that the ACS URL and Entity ID URLs refer to your Observability Cloud realm.
- If your Observability Cloud organization uses the
us0realm, enter the following: ACS URL:
https://api.signalfx.com/v1/saml/acs/<INTEGRATION_ID>Entity ID:
https://api.signalfx.com/v1/saml/metadata
- If your Observability Cloud organization uses another realm, enter the following:
ACS URL:
https://api.<YOUR_REALM>.signalfx.com/v1/saml/acs/<INTEGRATION_ID>Entity ID:
https://api.<YOUR_REALM>.signalfx.com/v1/saml/metadata
- If your Observability Cloud organization uses the
- In PingOne, select Continue to Next Step. The Attribute Mapping screen appears.
- For SAML_SUBJECT:
Select Advanced.
In the Name ID Format to send to SP dropdown list, select , then Save.
Select other attributes as needed.
- Select Continue to Next Step. The Group Access screen appears.
Select the users who should have access to Observability Cloud. Select Continue to Next Step. The customization screen appears.
Configure the SignalFx application, then select Continue to Next Step. The review screen appears.
- In the review screen that appears, do the following:
Locate the Certificate field, then select Download to download the pingone-signing.crt file to your computer.
Locate the SAML Metadata field, and then select the Download link to download the saml2-metadata-idp.xml file to your computer.
Finish. The PingOne Applications list appears. In the list, SignalFx appears as an active application.
- In Observability Cloud, do the following:
Locate the Certificate text box.
Select Upload File. A file system dialog box opens.
To upload the certificate file, select the pingone-signing.crt file you downloaded in a previous step.
After the upload, the text for Certificate changes to match the uploaded file.
Locate the Metadata text box:
Upload File. A file system dialog box opens.
To upload the metadata file, select saml2-metadata-idp.xml file you downloaded in a previous step.
After the upload, the text in the Metadata text box changes to match the uploaded file.
Save. Observability Cloud displays a Validated! message.
The PingOne SSO integration is now available to users in your PingOne application. When users use the integration for the first time, they receive an email containing a link that they must open in order to authenticate. This only occurs the first time the user signs in. Subsequent login attempts don’t require validation.
If you want to turn off email authentication, contact Splunk Observability Cloud support.
Once you have a custom URL configured, your users can continue to log in using their existing username/password pair, or they can use their Okta credentials instead. PingOne SSO authentication and Observability Cloud username/password authentication are independent.
Observability Cloud generates a password for users you create in PingOne SSO. If the PingOne login portal is unavailable, Observability Cloud users can use the reset password link on the Observability Cloud login page to get native Observability Cloud credentials.
Report an issue đź”—
Before you create an issue or open a support request, try gathering the following information:
What happened and the impact of the issue.
All the steps you’ve followed until the issue appeared.
What was the expected outcome.
Your attempts to solve the issue, including workarounds.
The operating system, runtime or compiler version, libraries, frameworks, and application servers of your environment, including your instrumentation settings.
Debug logs and other logs that might help troubleshoot the issue.
To get help, see Splunk Observability Cloud support.