You can set up single sign-on (SSO) in Splunk Synthetic Monitoring using SAML 2.0 via Ping Identity. If you use a different identity provider, see Set up SSO in Splunk Synthetic Monitoring.
Prerequisites
- You need administrator access in your organization’s identity provider.
- Make sure all the users you want to add have access to Splunk Synthetic Monitoring. See Add users and groups to learn how to create accounts for new users.
- Check that all your users are assigned to the correct roles in Splunk Synthetic Monitoring, as Splunk Synthetic Monitoring does not inherit RBAC from your identity provider. See What Are The Types Of User Roles? to learn about roles.
Set up SSO in Splunk Synthetic Monitoring using Ping Identity
Follow these steps to set up SAML 2.0 login using Ping Identity:
- Add an application in Ping Identity
- Grant access to the application in Ping Identity
- Download the metadata XML from Ping Identity
- Configure SAML in Splunk Synthetic Monitoring
Add an application in Ping Identity
See the Ping Identity documentation for detailed instructions: https://docs.pingidentity.com/. Follow these steps to optimize your setup for use with Splunk Synthetic Monitoring:
- In the Ping Identity dashboard, go to Applications > My Applications > SAML.
- Click Add Applications > New SAML Application.
- When creating an application, choose Web app accessed within a browser.
- Choose SAML as the Connection Type.
- Provide a name and description you’ll associate with Splunk Synthetic Monitoring.
- In the Configure SAML Connection field, choose Manually enter.
- In the ACS URL field, enter the following URL: https://monitoring.rigor.com/saml/callback
- In the Signing key field, click the radio button for Sign assertion
- In the Entity ID field, enter the following URL: https://monitoring.rigor.com/saml/login
- You can leave the SLO Endpoint, Response Endpoint, and Verification Certificate fields blank, and keep the default under Subject named format.
- In the SLO Binding field, choose HTTP Post.
- In the Assertion validity duration field, enter 60 seconds, or another desired value.
- Save your application.
Grant access to the application in Ping Identity
Use the Access tab under your new application in Ping Identity to ensure the appropriate users and groups have access to the application.
Download the metadata XML from Ping Identity
- Under the Configuration tab of your new application in Ping Identity, click Download Metadata.
- Find and open the downloaded file using a text editor (e.g. TextEdit in Mac or Notepad in Windows; don’t use Pages or Word to prevent auto-formatting from corrupting the XML file)
- Copy the full text of the XML file.
Configure SAML in Splunk Synthetic Monitoring
- From the Admin Tools menu in Splunk Synthetic Monitoring, select SAML Configuration.
- Under Name, enter a name for the configuration.
- Under XML, paste the XML you copied from Ping.
- Verify the configuration by clicking the Verify button or choosing Verify from the gear icon menu.
- Once the configuration is verified, return to edit the configuration and check the box next to Enable. A modal box appears to confirm you want to enable the configuration, which will log you and all users out of the account.
- To log back in, enter your Splunk Synthetic Monitoring username in the Splunk Synthetic Monitoring login page and click Next. If SSO is configured correctly, Ping Identity opens to complete the login.
Once SAML login is set up, users are asked to re-authenticate via Ping Identity every 12 hours. After they re-authenticate, users return to their active session.