SAML Management (via CLI)

The Coralogix CLI tool allows management of SAML SSO configuration by admin users. Actions supported on the CLI include viewing, initializing, activating, and deactivating SAML configuration. This capability makes it possible for SAML integration to be automated using scripts or other provisioning tools.

This tutorial will guide you on how to manage the SAML integration using the CLI tool.

Notes:

If you intend to follow this integration with our SCIM integration, delete any existing users before the SCIM integration is applied. If necessary, leave one admin user.
Upon completion of the SCIM integration, recreate all users through SCIM.

Getting started

Install the latest version of the Coralogix CLI
Teams API key (Fetch this from Account -> Settings -> API access)
User must have an admin role.

Environment variables

Example	Command
CORALOGIX_SAML_API_KEY	Teams API key

Note: When the environment variable is set, --api-key (-k) becomes an optional argument when using the tool.

Commands

details

This command displays SAML configuration for:: your Team.

activate

This command will activate SAML on your Team.

deactivate

This command will deactivate SAML on your Team.

init

This command will initialize SAML on Coralogix with metadata file from the IdP.

Note: Initializing SAML does not activate it. For SSO authentication to work, SAML needs to be activated (using activate command).

add-entity-id

This command adds your team-id to the SP Entity URL.

This will help uniquely identify the Coralogix SP on the IdP (required when you are configuring SAML for multiple teams with the same Identity Provider).

remove-entity-id

This command removes team-id from the SP Entity URL

generate-provisioning-token

This command generates the provisioning token

remove-provisioning-token

This command removes the provisioning token

Examples

Note: Examples below assume the api-key is provided as an environment variable.

Example	Command	Description
`cxctl saml --region details`	details	View SAML configuration details
`cxctl saml --region eu activate`	activate	Activate SAML for your team hosted on the EU cluster
`cxctl saml --region eu deactivate`	deactivate	Deactivate SAML for your team hosted on the EU cluster
`cxctl saml --region eu init /path/to/IdP-metadata.xml`	init	Initialize SAML for a team hosted on eu cluster using the metadata file from your IdP
`cxctl saml --region eu init /path/to/IdP-metadata.xml --add-entity-id --provisionToken`	init	- Initialize SAML for a team hosted on eu cluster using the metadata file from your IdP. - Append team-Id to the SP Entity-Id URL. - Generate a provisioning token.
`cxctl saml --region eu add-entity-id`	add-entity-id	Add entity-id to the service provider
`cxctl saml --region eu remove-entity-id`	remove-entity-id	Remove entity-id from the service provider
`cxctl saml --region eu generate-provisioning-token`	generate-provisioning-token	Generate provisioning token
`cxctl saml --region eu remove-provisioning-token`	remove-provisioning-token	Remove provisioning token

Options

Flags	Description	Mandatory / Optional
--region region -r region	Coralogix cluster hosting your account. Options available are: eu (EU1) se (EU2) us1 (US1) us2 (US2) in (API1) sg (AP2)	Mandatory when not using --custom-endpoint
--api-key api-key -k api-key	Teams API key from your account settings	Optional when the CORALOGIX_SAML_API_KEY environment variable is set
--custom-endpoint URL	URL to your Coralogix API endpoint. (Applies for customers with private-link integrations.)	Mandatory when --region is not provided
--add-entity-id	Add entity-id when the init sub-command is executed	Optional flag supported by the init sub-command only
--provisionToken	Generate the provisioning token when the init sub-command is executed	Optional flag supported by the init sub-command only
--help	Display help text

Team Management (via CLI)

Next Coralogix Terraform Provider