Support Using Loggly Loggly Single Sign-On (SSO)

Loggly Single Sign-On (SSO)

Overview

Loggly supports Single Sign-On for Enterprise tier accounts. Our standard SSO setup uses SAML 2.0 protocol and supports Active Directory Federation Services (ADFS). However, we support many popular identity providers (IDP). As long as your IDP can use SAML 2.0 protocol, it can be integrated with Loggly with fairly minimal effort.

How it works

When a user wants to log into Loggly, Loggly will check whether he or she is a member of one or more groups that your Loggly administrator has specified and will be granted access accordingly.

After the account is enabled with the SSO, users will have the option to log in via your company credentials or as a local user, as shown in the login screen below. We also offer an op-out setting where you can require corporate login for all accounts except for a select few.

Loggly Single Sign On

 

Local Account

 

In addition to accessing attributes like username, email, and user role from the directory, you can map a user role attribute or groups in the directory to Loggly user roles. However, you can still manage user roles in Loggly if this information isn’t part of your directory setup. You must have at least one non-SSO Loggly administrator who manages setup and API usage.

When new users join your company, Loggly automatically provisions their accounts upon their first Loggly login. The e-mail address in Loggly and within your corporate directory must match and be unique for us to map the accounts. If the directory is not controlling their role, they will initially have standard user level privileges. When you remove a user from your directory, that user’s Loggly access is also revoked.

Configure SSO for Your Organization

Loggly’s SSO capability is available to customers with Enterprise subscription plans. Loggly can integrate with a variety of solutions that support SAML such as:

  • Okta
  • Lastpass
  • ADFS
  • Google
  • OneLogin
  • Microsoft Active Directory (AD) (i.e., Windows Login)

To set up SSO for your organization, please contact our support team at support@loggly.com with details of your Identity Provider.  A Loggly support engineer will reach out to you to discuss the details necessary to complete the setup on the back-end.

Two-factor authentication (2FA)

Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the user provides two authentication factors to verify they are who they claim they are. For example, you may log in using your password in addition to a code sent to your phone.

If you have an Identity Provider (IDP) for SSO that supports 2FA, you can set this up to add an extra layer of security for accessing your Loggly account. There is nothing specific you need to do in Loggly, since it can be completely configured within your IDP. Please contact your IDP for help on how to configure 2FA or contact us at support@loggly.com.

 

 

Thanks for the feedback! We'll use it to improve our support documentation.