Skip to content

Login methods

Early access

The new login experience documented on this page is in early access. Behavior may evolve before general availability.

Coralogix supports several sign-in methods so each team can balance day-to-day convenience with the controls their organization requires. Team admins decide which methods are allowed for each user, and the sign-in flow adapts to the URL you start from and your allowed methods.

Ready to get started?

See Local login for the email-and-password sign-in flow.

Sign-in options

Local login (email and password)

Each user has an email and password set up on their Coralogix account. After credentials are accepted, two-factor authentication runs if it is enrolled. Use this method for individuals, small teams, and break-glass access on accounts that primarily use SSO.

See Local login.

Single sign-on with SAML

Users authenticate through your existing identity provider. Coralogix supports standard SAML-based identity providers. Depending on how your organization is configured, you may be redirected automatically or asked to pick an identity provider. Use this method whenever your organization runs centralized identity.

If your team has more than one SAML identity provider configured, you pick which provider to sign in with at the credential step. Use this for identity provider migrations, MSSPs accessing multiple customer environments, and organizations with multiple identity domains.

See SSO with SAML. For teams with multiple identity providers, see Multiple SAML providers.

Two-factor authentication

A second verification step on top of email and password using a time-based one-time password (TOTP) authenticator app. 2FA applies at the user level and covers every team the user belongs to.

See Set up two-factor authentication.

How methods combine

Each user has an allowed login method, set by a team admin:

  • Local only — only email and password. SSO sign-in is blocked.
  • SSO only — only the configured identity provider. Local login is blocked.
  • Hybrid (SSO and local) — both methods are available. Use this for break-glass access on SSO-first teams.

A user's allowed methods can differ from the team default. If multiple identity providers are configured for the team, an SSO user picks the provider at sign-in. If two-factor authentication is enrolled or enforced, it runs after the credential step regardless of which method was used.

Sign-in entry points

The sign-in experience adapts to the URL you start from:

  • Team URL — for example, https://<team>.coralogix.com. Coralogix applies your team's allowed methods automatically. This is the preferred entry point, and most users arrive here from an invite email or a bookmark.
  • Generic dashboard URL — for example, https://dashboard.app.eu2.coralogix.com/#/login. You may need to pick an SSO provider manually, then pick a team after sign-in if you belong to more than one.

If you belong to multiple teams, Coralogix shows a team picker after the credential step. If you have no available teams, contact your team admin.

Audit visibility

Sign-in activity is recorded as audit events, including local-login attempts, SSO redirects and assertions, identity-provider selection, MFA challenges, and session creation. Each event captures the user, team, identity provider (where applicable), IP address, outcome, and timestamp. Use these to investigate access issues, monitor unusual sign-in activity, and meet compliance requirements.

Next steps

Try the email-and-password flow: Local login.

Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.
Previous Create and manage groups
Next Local login