You can set up single sign-on (SSO) in Splunk Synthetic Monitoring using SAML 2.0 via Okta. If you use a different identity provider, see Set up SSO in Splunk Synthetic Monitoring.
Prerequisites
- You must be an administrator in your organization’s Okta account, with Okta set up as your organization’s identity provider.
- Make sure all the users you want to add have access to Splunk Synthetic Monitoring. See Add users and groups to learn how to create accounts for new users.
- Check that all your users are assigned to the correct roles in Splunk Synthetic Monitoring, as Splunk Synthetic Monitoring does not inherit RBAC from your identity provider. See What Are The Types Of User Roles? to learn about roles.
Set up SSO login using Okta
Follow these steps to set up SAML 2.0 login using Okta:
- Add an application in Okta
- Assign user access to the application in Okta
- Copy the metadata XML in Okta
- Configure SAML in Splunk Synthetic Monitoring
Add an application in Okta
See the Okta documentation for detailed instructions: https://developer.okta.com/docs/. Follow these steps to optimize your setup for use with Splunk Synthetic Monitoring:
- In Okta’s Admin Console, go to Applications > Applications.
- Click Create App Integration.
- Choose SAML 2.0 as the sign-in method.
- Provide a name and description you’ll associate with Splunk Synthetic Monitoring.
- In the Configure SAML connection field, choose Manually enter.
- In the Single sign-on URL field, enter the following URL: https://monitoring.rigor.com/saml/callback
- In the Audience URI field, enter the following URL: https://monitoring.rigor.com/saml/login
- You can leave the Default RelayState field empty.
- In the Name ID format field, choose EmailAddress from the dropdown menu.
- In the App username field, enter Email.
- Save your application.
Assign user access to the application in Okta
In the Assignments tab in your new application in Okta, choose Assign > Assign to people and enter the email of the user you want to add. Ensure this email matches the email address they use to log into Splunk Synthetic Monitoring.
Copy the metadata XML in Okta
- Under the Sign on tab of your new application in Okta, click View Setup Instructions. A new tab opens with the setup instructions.
- In the new tab under Optional, copy the contents of the IDP metadata XML.
Configure SAML in Splunk Synthetic Monitoring
- From the Admin Tools menu in Splunk Synthetic Monitoring, select SAML Configuration.
- Under Name, enter a name for the configuration.
- Under XML, paste the XML you copied from Okta.
- Verify the configuration by clicking the Verify button or choosing Verify from the gear icon menu.
- Once the configuration is verified, Edit the configuration and check the box next to Enable. A modal box appears to confirm you want to enable the configuration, which will log you and all users out of the account.
- To log back in, enter your Splunk Synthetic Monitoring username in the Splunk Synthetic Monitoring login page and click Next. If SSO is configured correctly, Okta opens to complete the login.
Once SAML login is set up, users are asked to re-authenticate via Okta every 12 hours. After they re-authenticate, users return to their active session.