SSO with SAML
Coralogix provides full SAML 2.0 support so you can integrate with your chosen IdP and manage your Coralogix users' SSO login in a centralized way. Here you can find the walkthrough process for integrating with the common IdPs in the market, don't hesitate to contact us via the chat bubble within our web app if you have any questions or comments.
Note
If you intend to follow this integration with a SCIM one, add the users through SCIM and make sure that any existing users are deleted before undertaking the SCIM integration. If necessary, you may leave one admin user.
Upon completion of the SCIM integration, recreate all users through SCIM.
Common IdPs for SAML Integration:
Integrate with Google as a SAML IdP
View dedicated Google instructions here.
Integrate with OneLogin as a SAML IdP
EU1 region
These instructions apply only to EU1 region-based users. Integration instructions for all other regions can be found in the following section.
STEP 1. Navigate to your administration panel and navigate to applications. Click on Add App button and choose Coralogix.
STEP 2. Choose a name to display (default is Coralogix), add a description if you'd like, and Save.
STEP 3. Coralogix also supports IdP-initiated flow enabling direct connection to Coralogix from your Onelogin App portal. To enable, once our connector is saved, go to Configuration and insert your Coralogix account company ID (in your Coralogix account, go to Settings > Send your data) into the RelayState dialog box. Click Save.
STEP 4. Download the SAML Metadata XML file.
STEP 5. Upload the metadata file to our web app via Settings -> Configure SAML.
Non-EU1 Region Users
STEP 1. Navigate to Applications and select Add App.
STEP 2. Search for and select SAML Test Connector (IdP).
STEP 3. Go to Configuration and add the details according to the following example. This particular example is for an EU2-based team.
STEP 4. Click Save. The newly prepared XML configuration may be uploaded to the relevant Coralogix team.
Integrate with Okta as a SAML IdP
Note: We strongly recommend setting up your Okta SSO using SCIM rather than SAML.
STEP 1. Create a new SAML 2.0 app integration. In Okta, navigate to Applications > Create App Integration > SAML 2.0. Click Next.
STEP 2. In General Settings, enter the App name used by Okta to display the application name to users (e.g., "Coralogix Production").
STEP 3. In Coralogix, navigate to Settings > Configure SAML.
Single sign-on URL > Assertion Consumer Service URL
Audience URI (SP Entity ID) > Service Provider Entity ID/Audience
Default RelayState >
<Company ID or Name of your Coralogix team>
Name ID Format should be set to EmailAddress
Once complete, click Next and complete the last stage. Click Finish.
STEP 4. Scroll down to SAML Signing Certificate, click on the Actions drop-down menu and select "View IdP metadata". Copy the metadata into a text file and save it as .xml.
STEP 5. Returning to the Coralogix SAML configuration, you must upload the file you just created by clicking Choose file and selecting it from where it was saved.
Note: You can change the Default Groups on first Sign-in to the group that you want to be assigned to users by default.
Integrate with Azure as a SAML IdP
STEP 1. Enter https://portal.azure.com/.
STEP 2. After logging into Azure, go to Azure Active Directory tab.
STEP 3. Select Enterprise applications service.
STEP 4. Choose 'New application'.
STEP 5. Choose 'Non-gallery application'.
STEP 6. Name it (for example, CoralogixSSO) and click Add.
STEP 7. Go to Configure single sign-on.
STEP 8. Select SAML-based Sign-on as the SSO mode.
STEP 9. Next, you will need to add Coralogix service provider details to the configuration in Azure as follows:
From Coralogix web app, go to Settings -> Configure SAML. Configure the following:
* Service Provider Entity ID/Audience
* Assertion Consumer Service URL
In the Azure portal (example paths):
STEP 10. If you would like to log in to a specific Coralogix team or account from your Azure SSO app directly, add the Coralogix team name to the Relay State
option, as part of your basic SSO configuration.
STEP 11. Choose 'user.mail' as the value for User Identifier.
STEP 12. At the bottom of the page in step 5, click Configure CoralogixSSO.
STEP 13. Scroll down to step 3 of the 'Configure CoralogixSSO for SSO section, and download the file named SAML XML Metadata.
STEP 14. Scroll up to the top of the SSO Configuration section and click Save.
STEP 15. Upload the metadata file to Coralogix web app via Settings > Configure SAML.
STEP 16. Click the Multiple teams button to create a unique ID for the team.
Integrate with JumpCloud as a SAML IdP
Find instructions here.
Login with SAML
After SAML has been activated for your account you may access it using SSO.
STEP 1. Enter Coralogix.com --> Login and insert your team name.
STEP 2. In the next window, choose SSO login (for example, SIGN IN WITH GOOGLE) to log as a user.
STEP 3. If the username you used to log in was used with Coralogix in the past (for example, the administrator wanted to block the access and removed the username), then it will be required by the administrator to approve it. In that case a request was sent to your administrator, wait for his invitation email.
Join request received by the administrator:
STEP 4. Administrator panel after receiving join request from a user, click Approve to send an invitation to the user.
Invitation sent to you:
Now you can enter Coralogix with SAML SSO.
STEP 3. Finalize any additional configuration or verification needed on Coralogix’s side.
Keycloak is an open-source identity and access management solution offering single sign-on (SSO) capabilities. It allows users to authenticate across multiple applications using a single set of credentials. Integrating Keycloak with Coralogix via SAML enhances security, streamlines user authentication, and centralizes identity management. This integration enables users to securely access Coralogix with their existing Keycloak credentials, simplifying access control and enhancing the overall user experience.
Integrate Keycloak SSO with Coralogix using SAML
Follow the steps below to successfully set up the SAML integration between Keycloak and Coralogix.
Prerequisites
Configure the following entities and parameters.
Keycloak:
Operational Keycloak server
Realm ready for the integration
Users in the realm
Coralogix:
Coralogix team
Coralogix team URL
Coralogix team ID number (Settings > Send Your Data)
Service Provider Metadata URL (Settings > Configure SAML)
Assertion Consumer Service URL (Settings > Configure SAML).
Client Certificate PEM, see details below
Keycloak configuration
STEP 1. In the Keycloak admin console, create a new realm or use an existing one for the integration.
STEP 2. Export SAML 2.0 identity provider metadata.
In the Keycloak admin console, navigate to Configure > Realm Settings.
Click SAML 2.0 Identity Provider Metadata.
Save the metadata as an XML file to be used for Coralogix configuration later.
STEP 3. Create a new client.
Go to Clients > Clients List and click Create.
Client type: SAML
Client ID:
<your\_CX\_team\_service\_provider\_metadata\_URL>
Name: Coralogix (or any other meaningful name)
Description (optional)
Configure client settings.
Root URL:
<your\_CX\_team\_URL>
Home URL:
<your\_CX\_team\_URL>
Valid redirect URIs:
<your\_assertion\_URL>
Valid post logout redirect URIs:
<your\_CX\_team\_URL>
IdP-initiated SSO URL name: leave empty
IDP Initiated SSO Relay State:
<your\_team\_ID\_number><Your Team ID number>
Master SAML Processing URL:
<Your CX Team Service Provider Metadata URL>
Adjust SAML capabilities.
After saving your changes, go to the Settings tab.
Under SAML capabilities, change the Name ID format to email.
Configure signature and encryption.
- In the Signature and Encryption section, enable Sign assertions.
Replace the default certificate.
Go to the Keys tab.
Verify that the Client signature required option is enabled.
Replace the existing certificate with the PEM certificate (public key) provided by Coralogix.
Important: This certificate contains the public key for Coralogix, used in SAML integrations to verify the identity of Coralogix and ensure secure, authenticated communication.
-----BEGIN CERTIFICATE-----
MIIDeTCCAmGgAwIBAgIUeDB+CHuqR0rEP0InQE3TN0fJjDMwDQYJKoZIhvcNAQEL
BQAwTDELMAkGA1UEBhMCICAxCjAIBgNVBAgMASAxEjAQBgNVBAoMCUNvcmFsb2dp
eDEdMBsGA1UEAwwUU0FNTCBTU08gQ2VydGlmaWNhdGUwHhcNMjQwNTMxMTUwMTU2
WhcNMjUwNTMxMTUwMTU2WjBMMQswCQYDVQQGEwIgIDEKMAgGA1UECAwBIDESMBAG
A1UECgwJQ29yYWxvZ2l4MR0wGwYDVQQDDBRTQU1MIFNTTyBDZXJ0aWZpY2F0ZTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKeTRA3lRNXyaZtzIaDvaA1V
x4B4qOPRF+795pY4UICzPvSScJFDqLcaxw2jpgrJ+sGCalo2V/2tvTX2rxke/qw0
W+91dhgCbgZZRORNdAUBtK6wVX4fpB3tSVf/X14diazkYX6Tt9JV36WOB/Dg91Ys
AqsbdSHJe8okJ9eodCFoL4tZrVC8+C2n2mdz9KsYBo8BhMl9arR5oxxX2rL22oBZ
7/5yqXKt1Z0664HPw5aAoP6jhpiAR69r84RI9ijtViErtc3u1JptYIDNMb6FeSxx
2CsoHrotasUWdq5j3Ly9ymIxWyfTmAJnk40tGLb58C2JkFZNy1rJ/qdmexpRAckC
AwEAAaNTMFEwHQYDVR0OBBYEFMPWQqrERDm+dFBbZiwcKOAg+hafMB8GA1UdIwQY
MBaAFMPWQqrERDm+dFBbZiwcKOAg+hafMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAJunYmEf4iELSC2ZCTuqij6Id5MLgSwpEwwScdaJwvI+qaVc
lJlaI8NNOblX76iOoRQg+JehF11p99BpRGGPGZdS56C0gUoXkpHLse5OeC9zfnwl
svdVZ+BKXUYTdKSNLkckr/+kl5gIngfh8WsfLfa99+oQXl5xFmhSo8G6gFT4yKGP
JHhMa65/fyWiPRIz4d9xOo2oUml92NGyedoi7pmijx8ZLJeiNr43PVhoWKfem8ZJ
5bAdDXvYl1Ga4Uw88lEUqnqwTIdfHQCIesr0+9X86LgimfEXnqg7q5EdZUXONQip
Gzd5gGpfOFukQeUfxqtDjBZNXqgdpDMK+3RSy8w=
-----END CERTIFICATE-----
Configure roles.
Go to Roles and create a new default role.
Add the necessary users/groups to this role.
Save the client configuration.
Coralogix configuration
STEP 1. In Coralogix platform, navigate to Settings > Account > Configure SAML and activate SAML.
STEP 2. Upload the Keycloak Identity Provider Metadata XML file that was exported earlier.
STEP 3. Finalize any additional configuration or verification needed on Coralogix’s side.