Configure an Okta SSO integration 🔗
The Okta SSO integration lets you log into Splunk Observability Cloud using Okta.
Before you begin to configure the Okta SSO integration, ensure you have completed the steps in Configure SSO integrations for Splunk Observability Cloud, including the section Name an SSO integration to learn about naming your integrations.
Caution
To follow this procedure, you must be an administrator of your Okta organization and an administrator of your Splunk Observability Cloud organization.
Open a browser tab or window for Splunk Observability Cloud, and another for Okta.
- Switch to Okta, then follow these steps to add Splunk Observability Cloud as an Okta application:
Select Admin, then select Applications
Select Add Application.
In the directory that appears, find for SignalFx, then add it by selecting Add.
- Switch to Splunk Observability Cloud:
Log in to Splunk Observability Cloud.
Open the Okta guided setup . Optionally, you can navigate to the guided setup on your own:
In the left navigation menu, select
.Go to the Available integrations tab, or select Add Integration in the Deployed integrations tab.
In the integration filter menu, select All.
In the Search field, search for Okta, and select it.
In the Name text box, enter the name of your integration.
Copy the Integration ID value. Even if you have multiple organizations that you want to integrate with Okta SSO, leave Integration-specific Entity ID deselected. The Splunk Observability Cloud Okta integration provides this automatically for multiple organizations.
- Switch back to Okta:
Paste the integration ID value into the Integration ID text box, then select Next.
Assign the SignalFx application to users in your Okta organization, then select Next.
Select Sign on, then select View Setup instructions.
- Copy the following strings from the instructions, and paste them into a text editor:
Public Key
Issuer URL
Metadata URL
Note
URLs must belong to Okta in order to validate. Accepted domains are okta.com
, oktapreview.com
, and okta-emea.com
.
- Switch to Splunk Observability Cloud to finish:
Copy and paste the Okta Public Key value into the Public Key text box.
Copy and paste the Okta Issuer URL value into the Issuer URL text box.
Copy and paste the Okta Metadata URL value into the Metadata URL text box.
Select Save. The message Validated! appears.
Note
If you get an error, check the values that you copied and pasted.
The Okta SSO integration is now available to users in your Okta organization. When users log in to Splunk Observability Cloud from Okta for the first time, they receive an email containing a link that they must open in order to authenticate. This only occurs the first time the user signs in. Subsequent login attempts don’t require validation.
If you want to turn off email authentication, contact Splunk Observability Cloud support.
Once you have a custom URL configured, your users can continue to log in using their existing username/password pair, or they can use their Okta credentials instead. Okta SSO authentication and Splunk Observability Cloud username/password authentication are independent.
Splunk Observability Cloud generates a password for users you create in Okta SSO. If the Okta login portal is unavailable, Splunk Observability Cloud users can use the reset password link on the Splunk Observability Cloud login page to get native Splunk Observability Cloud credentials.
If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.
Available to Splunk Observability Cloud customers
Submit a case in the Splunk Support Portal .
Contact Splunk Support .
Available to prospective customers and free trial users
Ask a question and get answers through community support at Splunk Answers .
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.