Sumo Logic
Sumo Logic offers both IdP-initiated SAML SSO (for SSO access through the Admin Portal) and SP-initiated SAML SSO (for SSO access directly through the Sumo Logic web application). You can configure Sumo Logic for either or both types of SSO.
Sumo Logic Requirements for SSO
Before you configure the Sumo Logic web application for SSO, you need the following:
-
An active Sumo Logic account for your organization.
-
An Assertion Consumer Number ID assigned by Sumo Logic.
-
A signed certificate.
-
You can either download one from Admin Portal or use your organization’s trusted certificate.
-
Contact information for Sumo Logic support (to enable and test the SSO feature on your account).
Adding Sumo Logic in Admin Portal
To add the Sumo Logic application in Admin Portal:
-
In Admin Portal, click Apps, then click Add Web Apps.
The Add Web Apps screen appears.
-
On the Search tab, enter the partial or full application name in the Search field and click the search icon.
-
Next to the application, click Add.
-
In the Add Web App screen, click Yes to confirm.
Admin Portal adds the application.
-
Click Close to exit the Application Catalog.
The application that you just added opens to the Application Settings page.
The description of how to choose and download a signing certificate in this document might differ slightly from your experience. See Choose a Certificate File for the latest information.
-
Keep this browser tab open to the Application Settings page for the Sumo Logic app.
Configuring Sumo Logic for Single Sign-On
The following steps are specific to the Sumo Logic application and are required in order to enable SSO for Sumo Logic. For information on optional configuration settings available in the Centrify Admin Portal, see Optional Configuration Settings.
To configure Sumo Logic for SSO:
-
In a new browser window, go to the following URL and sign in as Admin:
https://service.sumologic.com
It is helpful to open the Sumo Logic web application and the Centrify Admin Portal Application Settings window simultaneously to copy and paste settings between the two browser windows.
-
Go to Manage > Security.
-
Click the SAML button.
-
Copy and paste the following information from the Sumo Logic web page to the Application Settings page in Admin Portal
The red arrows in the tables below indicate the direction of the copy and paste operation between the two windows. For instance, the first arrow in the table below indicates that you copy the content from the indicated field on the Sumo Logic website and paste it into the corresponding field in the Privileged Access Service Admin Portal.
Admin Portal >Application Settings Copy/Paste Direction Sumo Logic web application What you do Assertion Consumer Number ID N/A Enter the Assertion Consumer Number ID you received from Sumo Logic. If your Assertion Consumer URL is https://service.sumologic.com/sumo/saml/consume/123456, enter 123456 here. -
Select a configuration or create a new one and click Configure.
-
Enter the name of your organization as the Configuration Name.
-
Configure the following settings (in the Sumo Logic web application and the Centrify Admin Portal Application Settings window):
Admin Portal >Application Settings Copy/Paste Direction Sumo Logic web application What you do Issuer Issuer Copy the Issuer from Admin Portal and paste it here. Authn Request URL Copy the Authn Request URL from Admin Portal and paste it here. Download Signing Certificate X.509 Certificate 1. Click Download Signing Certificate on the Application Settings page in Admin Portal. 2. Open the file in a text editor. 3. Copy the entire contents of the file. 4. Paste it here. Logout Page (Optional) Logout Page 1. Check the box for Logout Page. 2. Copy the Logout Page from Admin Portal and paste it here. Roles Attribute (Optional) Roles 1. Check the box for Roles Attribute. 2. Enter roles. 2. Make sure it has the same name as the setAttribute with the role names to be set in the script on the Advanced page in Admin Portal. -
Click Account Mapping in the Admin Portal and see "Map User Accounts" for configuration details.
-
Click Save.
Sumo Logic Specifications
Each SAML application is different. The following table lists features and functionality specific to Sumo Logic.
Capability | Supported? | Support details |
---|---|---|
Web browser client | Yes | |
Mobile client | No | |
SAML 2.0 | Yes | |
SP-initiated SSO | Yes | |
IdP-initiated SSO | Yes | |
Force user login via SSO only | No | Username-password login remains available after SSO is enabled. |
Separate administrator login after SSO is enabled | No | |
User or Administrator lockout risk | No | |
Automatic user provisioning | Yes | Log in to https://service.sumologic.com as Administrator and go to Manage > Security to configure On Demand provisioning. |
Multiple User Types | Yes | Admin user End users |
Self-service password | Yes | Users can reset their own passwords. Resetting another user’s password requires administrator rights. |
Access restriction using a corporate IP range | Yes | You can specify an IP Range in the Admin Portal Policy page to restrict access to the application. |