You can set up single sign-on (SSO) in Splunk Synthetic Monitoring using SAML 2.0 via Azure Active Directory (Azure AD). If you use a different identity provider, see Set up SSO in Splunk Synthetic Monitoring.
- Azure AD must be set up as your organization’s identity provider.
- You must be an administrator in your organization’s Azure AD account.
- Make sure all the users you want to add have access to Splunk Synthetic Monitoring. See Add users and groups to learn how to create accounts for new users.
- Check that all your users are assigned to the correct roles in Splunk Synthetic Monitoring, as Splunk Synthetic Monitoring does not inherit RBAC from your identity provider. See What Are The Types Of User Roles? to learn about roles.
Set up SSO login using Azure AD
Follow these steps to set up SAML 2.0 login using Azure Active Directory (AD):
- Add an enterprise application in Azure
- Assign a user to your application in Azure AD
- Set up single sign-on for your new application in Azure AD
- Set the user identifier to your user’s email in Azure AD
- Download the Federation Metadata XML from Azure AD
- Configure SAML 2.0 in Splunk Synthetic Monitoring
Add an enterprise application in Azure AD
See the Microsoft Azure documentation for detailed instructions: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal
- In the Azure Active Directory Admin Center, go to Enterprise Applications.
- Select Add > Add new application.
- Click Create your own application.
- Click the radio button to Integrate any other application you don't find in the gallery (Non-gallery).
- In the Register an application field, type a name you’ll associate with Splunk Synthetic Monitoring.
- Under Supported account types, click the radio button for Accounts in this organizational directory only (Directory only - Single tenant).
- You can leave Redirect URI blank for now.
- Click Register.
Assign a user to your application in Azure AD
See the Microsoft Azure documentation for detailed instructions: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users.
- Find the application you created in Step 1 above under Enterprise applications and select Users and groups from the menu.
- Click Add user/group. Click None Selected to open the user selection window.
- Search for and select the user you want to add.
Set up single sign-on for your new application in Azure AD
- Under Enterprise Applications, find and select the application you created in Step 1.
- Select Set up single sign on. On the next page, select SAML.
- Click Edit beside Basic SAML Configuration to open the editing tab. In the Identifier (Entity ID) field, delete the existing text and replace it with the following Splunk Synthetic Monitoring URL: https://monitoring.rigor.com/saml/login.
- In the Reply URL (Assertion Consumer Service URL) field, enter https://monitoring.rigor.com/saml/callback.
- In the Sign on URL field, enter https://monitoring.rigor.com/saml/login.
- Click Save to return to the Set up single sign on page.
Set the user identifier to your user’s email in Azure AD
- Under Attributes & Claims for the application you created in Azure AD, click Edit.
- Click the Unique User Identifier (Name ID) key under Claim name to open the Manage claim page.
- In the Name identifier format field, enter “Email address.”
- Select Attribute as the Source.
- Select user.mail as the value from the Source attribute dropdown menu.
- Click Save.
Download the Federation Metadata XML from Azure AD
- Under SAML Signing Certificate for the application you created in Azure AD, find the Download link for Federation Metadata XML, and click Download.
- Open the XML file using a text editor (e.g. TextEdit in Mac or Notepad in Windows; don’t use Pages or Word to prevent auto-formatting from corrupting the XML file).
- Copy the full text of the XML file.
Configure SAML in Splunk Synthetic Monitoring
- From the Admin Tools menu in Splunk Synthetic Monitoring, select SAML Configuration.
- Under Name, enter a name for the configuration.
- Under XML, paste the XML you copied from Azure AD.
- Verify the configuration by clicking the Verify button or choosing Verify from the gear icon menu.
- Once the configuration is verified, return to edit the configuration and check the box next to Enable. A modal box appears to confirm you want to enable the configuration, which will log you and all users out of the account.
- To log back in, enter your Splunk Synthetic Monitoring username in the Splunk Synthetic Monitoring login page and click Next. If SSO is configured correctly, Azure AD opens to complete the login.
Once SAML login is set up, users are asked to re-authenticate via Azure AD every 12 hours. After they re-authenticate, users return to their active session.