Configuring Loggly Single Sign On (SSO) for Google

Step 1: Creating the Custom Group Attribute

From your Google Domain Admin select Users icon

Select ‘Manage Users Attribute’

Select ‘Add Custom Category’

Configure the Custom Category as follows and save.

Under ‘Users’ select a User to edit and “Manage user attributes”:

Add ‘Loggly Admins’ or ‘Loggly Users’ as the value to the ‘External Groups’ Attribute. You can use custom values but will need to provide Loggly the custom mapping. See Step 3.

Step2: Create SSO App

Select App:

Select SAML App and click on ‘+’ to add new SAML App:

On the page that opens select “Add a service/App to your domain and then “Setup My Own Custom App”:

On the ‘Google IdP Information’ screen, download the IDP metadata under ‘Option 2’. We will need you to send the metadata to Loggly.

Name the application, e.g. ‘Loggly SSO’:

Add your relaying party information:

• ACS URL: https://<your subdomain>.loggly.com/sso/saml/do_sign_on
• Entity ID: https://<your subdomain>.loggly.com/sso/saml/metadata
• Start URL: https://<your subdomain>.loggly.com/login

Enter the following attributes (lastname, firstname, emails, groups):

Turn On the SAML App:

Step 3: Provide key information to Loggly

Provide the following information to Loggly (captured in the previous 2 steps):

1. IDP metadata file
2. Group mapping information (optional). See Step 1.

Loggly controls user access through SSO via group membership mappings. In order to access the product, each user must be a member of at least one mapped group. Groups may map to one of two privilege levels, “user” or “administrator”. A user belonging to multiple groups will receive the highest privileges among any of their groups.

If you don’t wish to provide this information, we will use the following default mapping: