Okta SSO Setup
Request SSO access from Logz.io
Only account admins can request single sign-on access for their accounts.
To configure SSO, send an email to help@logz.io or open a live chat once logged in. The message to Logz.io should include that you are looking to set up SAML SSO via Okta for Logz.io. Please make sure to include these items in the message:
- Your Logz.io account ID
- The last six characters of your account token
The Support team will provide the following connection details needed in Okta to configure the Logzio SAML Application.
- Single sign-on URL: https://logzio.auth0.com/login/callback?connection={CONNECTION-NAME}
- Audience URI (SP Entity ID): urn:auth0:logzio:{CONNECTION-NAME}
Each SSO group can be assigned to only one Logz.io account. To associate similar permissions with multiple Logz.io accounts, duplicate your SSO groups within your provider and assign these duplicates to the respective accounts.
Create Okta SAML Application for Logz.io
In Okta, click Admin button in top right corner. This will bring you to the Admin portal
Once in Admin portal, click Applications > Applications in the left hand navigation menu.
On the left side of the window, click Create App Integration.
Select SAML 2.0 option, and click Next.
Set your App name to “Logz.io” and add optional logo. Click Next to continue to the SAML Settings.
Paste the SAML information from Support
In Step 1, Logz.io support provided details needed within the SAML Settings. Please paste the following into your settings:
- Single sign-on URL: https://logzio.auth0.com/login/callback?connection={CONNECTION-NAME}
- Audience URI (SP Entity ID): urn:auth0:logzio:{CONNECTION-NAME}
Do not change the Default RelayState, Name ID format, or Application username
Next, please set Attribute Statements (optional) as follows:
- Set Name to “email”
- Set Name Format to “Unspecified”
- Set Value to “${user.email}”
Zip the SAML certificate
Once the SAML Application has been created, scroll down to SAML Signing Certificates.
Download the certificate file labeled “SHA-2” and click the Actions dropdown. Please then download the certificate.
Provide Logz.io Support the SAML information
Navigate to the Sign on methods, and under “Metadata URL” click More Details. Please copy the Sign on URL as this will be needed in the next step!
Send your SAML details to Logz.io
Either in the existing chat or email with Logz.io Support, respond with the following items:
- Zipped certificate (from step 4)
- Okta Single Sign-On URL (from step 5)
Once these items are provided, the team will apply the SSO connection to the accounts of your choosing. If a new thread is needed, please contact support.
(Optional) Restrict Logz.io access to specific groups
Using groups can help simplify user management as changes to group access are automatically applied to all members of the group in Okta. Follow the steps below to get started.
7A. Create new group in Okta
- In the left hand navigation menu of the Okta Admin portal, click Directory > Groups
- Click Add Group
- Name your group (ex: Logzio-Admins, Logzio-Users)
7B. Assign users to group
- After creating new group, click in and select Assign People
- After adding all users to group, select Done
7C. Assign Group to Logz.io Application
- Still in Directory > Groups select Applications
- Select Assign Applications
- Assign Logzio SAML App created in steps 1-3 above
7D. Modify Logzio SAML App to accept groups
- In the left hand navigation menu of the Okta Admin portal, click Applications > Applications
- Click on Logzio SAML Application created in steps 1-3
- Click “General” and edit the SAML Settings
- In Step 2 “Configure SAML”, scroll down to Group Attribute Statements (optional)
- Enter the following:
7E. Configure User Group in Logz.io
- In the left hand navigation menu of Logz.io, click Settings > Manage Users
- Toggle into “SSO Groups” and click + New SSO Group
- Add the group name from okta in step 7A.