Configure SSO integrations for Splunk Observability Cloud đź”—
Splunk Observability Cloud provides SSO login service integrations that let your users log in using a third-party identity provider (IdP) that uses SAML SSO. Observability Cloud supports SSO initiated by the IdP.
Splunk Observability Cloud also supports SSO initiated by Observability Cloud, and this option lets your users log in to Infrastructure Monitoring using a custom URL you specify.
Splunk Observability Cloud supports the following SSO integrations:
Note
About realms
A realm is a self-contained deployment of Splunk Observability Cloud in which your organization is hosted. Different realms have different API endpoints. For example, the endpoint for sending data in the us1 realm is https://ingest.us1.signalfx.com, while the endpoint for sending data in the eu0 realm is https://ingest.eu0.signalfx.com.
When you see a placeholder realm name in the documentation, such as <YOUR_REALM>, replace it with your actual realm name. To find your realm name, open the navigation menu in Splunk Observability Cloud, select , and select your username. Locate the realm name in the Organizations section If you don’t include the realm name when specifying an endpoint, Splunk Observability Cloud defaults to the us0 realm.
A custom URL is required to allow users to log in to Observability Cloud from your organization’s login page. If no custom URL is provided, users can still log in through the identity provider to access Observability Cloud.
When you configure a login service integration and select Show on login page, the login details for the service appear on your organization’s login page. You can have multiple SSO logins.
You can let users log in to Observability Cloud using a custom URL that you’ve selected, such as your_org.signalfx.com. The URL must be a subdomain of signalfx.com. To utilize a custom URL, contact Splunk Observability Cloud support and provide the following:
The subdomain you want to use.
The organization for which you want to use the custom URL.
An organization administrator’s email address.
Give your login service integration a name that your users recognize. On your custom login page, this name appears in the button your users select to sign in. For example, use the name “Log in with Okta” for an Okta login service integration.
When you integrate a login service with Observability Cloud, you need to provide information about the integration to the login service. Infrastructure Monitoring gives you an entity identifier (entity ID) that you provide when you configure the login service itself. The service uses the entity ID and other information to connect with Observability Cloud.
For multiple organizations, the login service needs an entity ID and other information for each organization. Observability Cloud can provide you with an integration-specific entity ID for the integration in each organization.
When you configure the login service, you provide the entity ID along with other information for each organization you want to connect using the login service. The steps for integrating with each supported login service include the optional steps for using integration-specific entity IDs.
The Google SSO integration doesn’t support integration-specific entity IDs.
Note
You only need an integration-specific entity ID if you want to use the same IdP for multiple organizations.
General integration-specific entity ID steps
To get an integration-specific entity ID for an integration, do the following when you create the integration:
Log in to Splunk Observability Cloud.
In the left navigation menu, select .
Select Add Integration.
In the integration filter menu, select All.
In the Search field, search for the login service, and select it.
Select the Integration-specific Entity ID option. Next to this option, the entity ID displays in the form of a URI. Copy this URI and provide it when you configure the login service to communicate with Observability Cloud.