
Loggly SSO – Azure

Configuration for Loggly Single Sign On (SSO) using Azure

Create a new Enterprise App

Open the “Enterprise applications” screen from the sidebar, then click the “+ New Application” button at the top of the screen.

Select “Non-Gallery Application”, choose a name, and click “Add”.

Configure SAML

 

Once you’ve added your new application and it’s opened up:

  • Select “Single sign-on” in the application’s menu
  • Under ‘Single Sign-on Mode’, select “SAML-based Sign-on”
  • For ‘Identifier’, enter: https://<your subdomain>.loggly.com/sso/saml/metadata
  • For ‘Reply URL’, enter: https://<your subdomain>.loggly.com/sso/saml/do_sign_on
  • For ‘User Identifier’, select “user.mail”.

Configure Claim Mappings

  • Check ‘View and edit all other attributes’ to access claim mappings
  • Remove all default mappings by selecting the menu labeled ‘…’ at the end of each row, and selecting the delete option.
  • Add the following four mappings using the ‘Add Attribute’ button at the bottom:
    NAME        VALUE
    firstname   user.givenname
    lastname    user.surname
    email       user.mail
    groups      user.assignedroles

Provide necessary metadata to Loggly

Under the ‘SAML Signing Certificate’ section, find the link titled ‘Metadata XML’. Download this XML file, and send it by email to your Loggly contact.

Make sure to hit “Save” before exiting this screen.


Configure application roles

Go to the ‘Azure Active Directory’ app and select ‘App Registrations.’ Locate the app you registered for Loggly and open it.


On the app registration screen, open the Edit Manifest screen by clicking the pencil icon.

In the JSON file that opens to the right, add the values below to the “appRoles” array, after filling in the id fields with freshly generated GUIDs. (You can find a tool to generate GUID values at https://www.guidgenerator.com/). Don’t forget to hit “Save” when you’re done.

{
        "allowedMemberTypes": [
                "User"
        ],
        "displayName": "Loggly Users",
        "id": "REPLACE_ME",
        "isEnabled": true,
        "description": "Standard users for Loggly integration",
        "value": "users"
},
{
        "allowedMemberTypes": [
                "User"
        ],
        "displayName": "Loggly Admins",
        "id": "REPLACE_ME",
        "isEnabled": true,
        "description": "Administrators for Loggly integration",
        "value": "admins"
}
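
The manifest step above, as an added example (not Loggly's or Microsoft's code): it generates the two role entries with local GUIDs instead of a web tool, and refuses to merge them if an id is still a placeholder or an id or value clashes with a role already in the manifest. The function names and the sample manifest are assumptions made for illustration.

```python
import json
import uuid

# Role definitions taken from the page; only the "id" values are generated here.
# The "value" strings are what the 'groups' claim (user.assignedroles) carries.
LOGGLY_ROLES = [
    ("Loggly Users", "Standard users for Loggly integration", "users"),
    ("Loggly Admins", "Administrators for Loggly integration", "admins"),
]


def build_roles():
    """Return the two appRoles entries with freshly generated GUIDs."""
    return [
        {
            "allowedMemberTypes": ["User"],
            "displayName": name,
            "id": str(uuid.uuid4()),
            "isEnabled": True,
            "description": description,
            "value": value,
        }
        for name, description, value in LOGGLY_ROLES
    ]


def merge_app_roles(manifest, new_roles):
    """Append new_roles to manifest["appRoles"], refusing id or value clashes."""
    merged = dict(manifest)
    roles = list(manifest.get("appRoles", []))
    seen_ids = {r["id"].lower() for r in roles}
    seen_values = {r["value"] for r in roles if r.get("value")}
    for role in new_roles:
        uuid.UUID(role["id"])  # raises ValueError for "REPLACE_ME" or any non-GUID
        if role["id"].lower() in seen_ids:
            raise ValueError(f"duplicate appRole id: {role['id']}")
        if role["value"] in seen_values:
            raise ValueError(f"appRole value already defined: {role['value']}")
        seen_ids.add(role["id"].lower())
        seen_values.add(role["value"])
        roles.append(role)
    merged["appRoles"] = roles
    return merged


if __name__ == "__main__":
    # Constructed sample manifest; a real one has many more keys.
    sample = {"appId": "00000000-0000-0000-0000-000000000000", "appRoles": []}
    print(json.dumps(merge_app_roles(sample, build_roles())["appRoles"], indent=2))
```
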

Return to ‘Enterprise applications’ and reopen your Loggly application from the list of configured applications. In the application screen, select ‘Users and groups’ and then select ‘Add user’.


On the ‘Add Assignment’ screen:

  • Select ‘Users and groups’. On the right-hand screen, select the individual users and/or internal Azure user groups you would like to grant access to Loggly.
  • Select ‘Select Role’. On the right-hand screen, select the “Loggly Users” role to grant the selected user(s) basic access to Loggly; select the “Loggly Admins” role to grant them administrator privileges.
  • Hit the “Assign” button.

Activate application

On the application screen, go to the ‘Properties’ menu. Set the option ‘Enabled for users to sign-in?’ to ‘Yes’.
