Configuring Loggly Single Sign On (SSO) for Google
Step 1: Creating the Custom Group Attribute
From your Google Domain Admin select Users icon
Select ‘Manage Users Attribute’
Select ‘Add Custom Category’
Configure the Custom Category as follows and save.
Under ‘Users’ select a User to edit and “Manage user attributes”:
Add ‘Loggly Admins’ or ‘Loggly Users’ as the value to the ‘External Groups’ Attribute. You can use custom values but will need to provide Loggly the custom mapping. See Step 3.
Step2: Create SSO App
Select SAML App and click on ‘+’ to add new SAML App:
On the page that opens select “Add a service/App to your domain and then “Setup My Own Custom App”:
On the ‘Google IdP Information’ screen, download the IDP metadata under ‘Option 2’. We will need you to send the metadata to Loggly.
Name the application, e.g. ‘Loggly SSO’:
Add your relaying party information:
- ACS URL: https://<your subdomain>.loggly.com/sso/saml/do_sign_on
- Entity ID: https://<your subdomain>.loggly.com/sso/saml/metadata
- Start URL: https://<your subdomain>.loggly.com/login
Enter the following attributes (lastname, firstname, emails, groups):
Turn On the SAML App:
Step 3: Provide key information to Loggly
Provide the following information to Loggly (captured in the previous 2 steps):
- IDP metadata file
- Group mapping information (optional). See Step 1.
Loggly controls user access through SSO via group membership mappings. In order to access the product, each user must be a member of at least one mapped group. Groups may map to one of two privilege levels, “user” or “administrator”. A user belonging to multiple groups will receive the highest privileges among any of their groups.
If you don’t wish to provide this information, we will use the following default mapping: