Docs » Authentication and Security » About SSO integrations for Splunk Observability Cloud » Configure a PingOne SSO integration

Configure a PingOne SSO integration 🔗

When you integrate PingOne with Splunk Observability Cloud, your users can log into Observability Cloud using PingOne.

Before you configure the OneLogin SSO integration, complete the steps in Configure SSO integrations for Splunk Observability Cloud. The section Name an SSO integration describes how to name your integrations.

Note

To integrate PingOne with Observability Cloud, you must be an administrator of your PingOne organization and your Observability Cloud organization.

Create a PingOne integration in Observability Cloud 🔗

Start by creating the PingOne integration in Observability Cloud. Follow these steps:

  1. Find the realm for your organization. To learn more, see View your realm, API endpoints, and organization.

  2. In the following URL, substitute the name of your realm for <REALM>, then navigate to https://<REALM>.signalfx.com/#/integrations/pingone

    1. Select New Integration.

    2. Copy the value of the system-supplied Integration ID so you can use it in a next step.

    3. If you want to display a name on the SSO login page, enter a value for Name. This name appears on the SSO login page for custom domains.

    4. If you want to display a name on the SSO login page, select Show on login page.

Create a SAML application for the PingOne integration in Observability Cloud 🔗

Next, in PingOne connect a SAML application to the PingOne integration instance in Observability Cloud. Follow these steps:

  1. Navigate to your PingOne console page. For example, navigate to https://console.pingone.com/?env=envId

  2. Select Connections from the side menu.

  3. Select Applications from the menu.

  4. To add a SAML application for the login, select the + icon.

  5. Enter an application name. For example, enter “Splunk Observability SAML”.

  6. In Application Type, select SAML Application.

  7. Select Configure

  8. In SAML Configuration, select Manually Enter.

  9. In ACS URLs, enter an Assertion Consumer Service (ACS) URL that contains the following information:

    • The realm for your organization

    • From the previous step, the integration ID for the PingOne integration

    The URL format is https://api.<REALM>.signalfx.com/v1/saml/acs/<INTEGRATION_ID>

    For example, enter https://api.example0.signalfx.com/v1/saml/acs/XXXXYYZZ

  10. For Entity ID, enter a URL to the ACS URL, but with a different ending path segment

    For example, enter https://api.example0.signalfx.com/v1/saml/metadata.

  11. Select Save

  12. Select your newly created application, then select Configuration from the sidebar.

  13. Select Download Metadata.

  14. Select Download Signing Certificate, then select the Privacy Enhanced Mail (PEM) file with the name X509 PEM.crt.

Enter the PingOne connection information in Observability Cloud 🔗

In Observability Cloud, update the integration instance with the information from PingOne. Follow these steps:

  1. In Observability Cloud, open the new PingOne integration instance you created in the previous section.

  2. In Certificate, select Upload File, then select the PEM file with the name X509 PEM.crt.

  3. In Metadata, select the metadata file you downloaded in a previous step.

  4. Select Save.

Create data mappings in PingOne 🔗

To provide SAML SSO login for PingOne, Observability Cloud needs additional information from PingOne data fields. To set up the data mapping from PingOne to Observability Cloud, follow these steps:

  1. Switch to the PingOne admin console.

  2. Select Attribute Mappings.

  3. Insert the following information in the PingOne text fields:

    • User.FirstName = Given Name

    • User.LastName = Family Name

    • User.email = Email Address

    • PersonImmutableID = User ID

  4. Select Save

  5. To enable the new PingOne SAML application, toggle the switch at the top of the page.

To learn more about mapping Observability Cloud data fields to PingOne data fields, see the Information required for generic SAML SSO integrations section in the Configure SSO using a generic SAML SSO integration topic.

If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.

Available to Splunk Observability Cloud customers

Available to prospective customers and free trial users

  • Ask a question and get answers through community support at Splunk Answers .

  • Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.

To learn about even more support options, see Splunk Customer Success .