Docs » Authentication and Security » About SSO integrations for Splunk Observability Cloud » Configure SSO integrations for Splunk Observability Cloud

Configure SSO integrations for Splunk Observability Cloud đź”—

Splunk Observability Cloud provides SSO login service integrations that let your users log in using a third-party identity provider (IdP) that uses SAML SSO. Splunk Observability Cloud supports SSO initiated by the IdP.

Splunk Observability Cloud also supports SSO initiated by Splunk Observability Cloud, and this option lets your users log in to Infrastructure Monitoring using a custom URL you specify.

Splunk Observability Cloud supports the following SSO integrations:

Note

About realms

A realm is a self-contained deployment of Splunk Observability Cloud in which your organization is hosted. Different realms have different API endpoints. For example, the endpoint for sending data in the us1 realm is https://ingest.us1.signalfx.com, while the endpoint for sending data in the eu0 realm is https://ingest.eu0.signalfx.com.

When you see a placeholder realm name in the documentation, such as <YOUR_REALM>, replace it with your actual realm name. To find your realm name, open the navigation menu in Splunk Observability Cloud, select Settings, and select your username. Locate the realm name in the Organizations section If you don’t include the realm name when specifying an endpoint, Splunk Observability Cloud defaults to the us0 realm.

Provide a custom URL for accessing Splunk Observability Cloud

A custom URL is required to allow users to log in to Splunk Observability Cloud from your organization’s login page. If no custom URL is provided, users can still log in through the identity provider to access Splunk Observability Cloud.

When you configure a login service integration and select Show on login page, the login details for the service appear on your organization’s login page. You can have multiple SSO logins.

You can let users log in to Splunk Observability Cloud using a custom URL that you’ve selected, such as your_org.signalfx.com. The URL must be a subdomain of signalfx.com. To utilize a custom URL, contact Splunk Observability Cloud support and provide the following:

  • The subdomain you want to use.

  • The organization for which you want to use the custom URL.

  • An organization administrator’s email address.

Name an SSO integration

Give your login service integration a name that your users recognize. On your custom login page, this name appears in the button your users select to sign in. For example, use the name “Log in with Okta” for an Okta login service integration.

Integrate an identity provider with multiple organizations

When you integrate a login service with Splunk Observability Cloud, you need to provide information about the integration to the login service. Infrastructure Monitoring gives you an entity identifier (entity ID) that you provide when you configure the login service itself. The service uses the entity ID and other information to connect with Splunk Observability Cloud.

For multiple organizations, the login service needs an entity ID and other information for each organization. Splunk Observability Cloud can provide you with an integration-specific entity ID for the integration in each organization.

When you configure the login service, you provide the entity ID along with other information for each organization you want to connect using the login service. The steps for integrating with each supported login service include the optional steps for using integration-specific entity IDs.

The Google SSO integration doesn’t support integration-specific entity IDs.

Note

You only need an integration-specific entity ID if you want to use the same IdP for multiple organizations.

General integration-specific entity ID steps

Integrate an identity provider with multiple organizations

To get an integration-specific entity ID for an integration, do the following when you create the integration:

  1. Log in to Splunk Observability Cloud.

  2. In the left navigation menu, select Data Management.

  3. Go to the Available integrations tab, or select Add Integration in the Deployed integrations tab.

  4. In the integration filter menu, select All.

  5. In the Search field, search for the login service, and select it.

  6. Select the Integration-specific Entity ID option. Next to this option, the entity ID displays in the form of a URI. Copy this URI and provide it when you configure the login service to communicate with Splunk Observability Cloud.

This page was last updated on May 28, 2024.