Configure SSO integrations for Splunk Observability Cloud
Splunk Observability Cloud provides SSO login service integrations that let your users log in using a third-party identity provider (IdP) that uses SAML SSO. Observability Cloud supports SSO initiated by the IdP.
Observability Cloud also supports SSO initiated by Observability Cloud, and this option lets your users log in to Infrastructure Monitoring using a custom URL you specify.
Observability Cloud supports the following SSO integrations:
Note about realms
A realm is a self-contained deployment of Splunk Observability Cloud in which your organization is hosted. Different realms have different API endpoints. For example, the endpoint for sending data in the us1 realm is https://ingest.us1.signalfx.com, while the endpoint for sending data in the eu0 realm is
When you see a placeholder realm name in the documentation, such as <YOUR_REALM>, replace it with your actual realm name. To find your realm name, open the left navigation menu in Observability Cloud, select , and select your username. The realm name appears in the Organizations section. If you don’t include the realm name when specifying an endpoint, Observability Cloud defaults to the
A custom URL is required to allow users to log in to Observability Cloud from your organization’s login page. If no custom URL is provided, users can still log in through the identity provider to access Observability Cloud.
When you configure a login service integration and select Show on login page, the login details for the service appear on your organization’s login page. You can have multiple SSO logins.
You can let users log in to Observability Cloud using a custom URL that you’ve selected, such as your_org.signalfx.com. The URL must be a subdomain of signalfx.com. To utilize a custom URL, contact Splunk Observability Cloud support and provide the following:
The subdomain you want to use.
The organization for which you want to use the custom URL.
An organization administrator’s email address.
Give your login service integration a name that your users recognize. On your custom login page, this name appears in the button your users select to sign in. For example, use the name “Log in with Okta” for an Okta login service integration.
When you integrate a login service with Observability Cloud, you need to provide information about the integration to the login service. Infrastructure Monitoring gives you an entity identifier (entity ID) that you provide when you configure the login service itself. The service uses the entity ID and other information to connect with Observability Cloud.
For multiple organizations, the login service needs an entity ID and other information for each organization. Observability Cloud can provide you with an integration-specific entity ID for the integration in each organization.
When you configure the login service, you provide the entity ID along with other information for each organization you want to connect using the login service. The steps for integrating with each supported login service include the optional steps for using integration-specific entity IDs.
The Google SSO integration doesn’t support integration-specific entity IDs.
You only need an integration-specific entity ID if you want to use the same IdP for multiple organizations.
General integration-specific entity ID steps
To get an integration-specific entity ID for an integration, do the following when you create the integration:
Log in to Splunk Observability Cloud.
In the left navigation menu, select.
Select Add Integration.
In the integration filter menu, select All.
In the Search field, search for the login service, and select it.
Select the Integration-specific Entity ID option. Next to this option, the entity ID displays in the form of a URI. Copy this URI and provide it when you configure the login service to communicate with Observability Cloud.
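The following Python check is an added example, not part of the Splunk documentation or product. It audits a constructed inventory of login service integrations against two requirements stated above: a custom URL must be a subdomain of signalfx.com, and each organization that shares an IdP needs its own entity ID. The record fields, the https-only rule, and the sample entity IDs are assumptions; the real entity ID is the URI displayed next to the Integration-specific Entity ID option.

```python
from collections import defaultdict
from urllib.parse import urlsplit

PARENT = "signalfx.com"  # from the page: a custom URL must be a subdomain of this

def is_signalfx_subdomain(url):
    """True only for an https URL whose host is a strict subdomain of PARENT."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Assumption: require https and reject embedded credentials (user@host).
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    # Match whole DNS labels: a bare endswith("signalfx.com") would accept
    # "notsignalfx.com", and a substring test would accept "signalfx.com.example.net".
    return host.endswith("." + PARENT) and all(host.split("."))

def audit(integrations):
    """Return (org, problem) findings for a list of integration records."""
    findings = []
    orgs_by_entity = defaultdict(list)  # (idp, entity_id) -> orgs using it
    for rec in integrations:
        url = rec.get("custom_url")
        if url and not is_signalfx_subdomain(url):
            findings.append((rec["org"], "custom URL is not a subdomain of " + PARENT))
        if not urlsplit(rec["entity_id"]).scheme:
            findings.append((rec["org"], "entity ID is not a URI"))
        orgs_by_entity[(rec["idp"], rec["entity_id"])].append(rec["org"])
    for (idp, _), orgs in orgs_by_entity.items():
        if len(orgs) > 1:  # one IdP, several orgs: each needs its own entity ID
            findings += [(org, "entity ID reused across organizations on " + idp)
                         for org in orgs]
    return findings

# Constructed inventory: org names, IdP label and entity IDs are placeholders.
SAMPLE = [
    {"org": "org-a", "idp": "okta", "custom_url": "your_org.signalfx.com",
     "entity_id": "https://sp.example.invalid/saml/aaaa"},
    {"org": "org-b", "idp": "okta", "custom_url": "https://signalfx.com.example.net",
     "entity_id": "https://sp.example.invalid/saml/aaaa"},
    {"org": "org-c", "idp": "okta", "custom_url": None,
     "entity_id": "https://sp.example.invalid/saml/cccc"},
]

if __name__ == "__main__":
    for org, problem in audit(SAMPLE):
        print(org, "-", problem)
```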