Support

Loggly SSO – Generic

Configuration for Generic Loggly Single Sign On (SSO)

Provide key information to Loggly

Obtain the following information from your Identity Data Provider (IDP) software interface:

  1. IDP entity ID: A URL which serves as the identifying name of your service.
  2. IDP SSO Endpoint : The URL to which users will be redirected to sign in.
  3. IDP Public Certificate: Provides cryptographic verification of your IDP’s authenticity. Must be provided to Loggly Base64 encoded (.pem) format.

Provide group mapping information to Loggly

Loggly controls user access through SSO via group membership mappings. In order to access the product, each user must be a member of at least one mapped group. Groups may map to one of two privilege levels, “user” or “administrator”. A user belonging to multiple groups will receive the highest privileges among any of their groups.

If you don’t wish to provide this information, we will use the following default mapping:

Group Name

Privilege

Loggly Users user
Loggly Admins administrator

At this point Loggly will create an SSO configuration for your subdomain, and notify you when it’s possible to move on to Stage 2.

Add Relying Party record

If your IDP software supports auto-configuration via URL, simply provide it your subdomain’s metadata URL:

<your subdomain>.loggly.com/sso/saml/metadata

If your IDP supports auto-configuration via XML upload, save the above page with a .xml extension and upload that file. Otherwise, these are the key pieces of information to enter into your configuration interface:

  1. Service Provider (SP) Entity ID: https://<your subdomain>.loggly.com/sso/saml/metadata
  2. SP SSO Endpoint: https://<your subdomain>.loggly.com/sso/saml/do_sign_on
  3. SP Login URL: https://<your subdomain>.loggly.com/login

Map Claim Attributes

Identity Assertions to Loggly must contain the following information. Depending on your IDP software’s interface, these mappings may be configured on a separate page with a name like “data mapping” or “claim rules.”

  1. Name ID
  2. lastname
  3. firstname
  4. emails
  5. groups

NOTE: Name ID is a built-in SAML data type. Depending on your IDP interface, it may be specified separately from other attribute mappings. 

The other field names (2-5) must be provided exactly as they appear here. In most IDP software packages, these must be entered as custom field mappings, even if they appear to match a dropdown options. (For example, an option labeled Email Addresses will not match “emails”.)

Thanks for the feedback! We'll use it to improve our support documentation.