Lightstep provides an integration with OneLogin that allows OneLogin to handle user authentication. Once you integrate with OneLogin and configure for single sign on (SSO), users can sign in to Lightstep either from OneLogin (IdP-initiated) or Lightstep (SP-Initiated).
Supported Features
Lightstep currently supports the following SAML features:
- IdP-initiated SSO: Users log into OneLogin and then select the Lightstep app and are signed in.
- SP-initiated SSO: Users log into Lightstep and OneLogin authenticates the user.
- JIT (Just In Time) Provisioning: Once the user is assigned to Lightstep in OneLogin, they can provision a new Lightstep account upon first login.
Prerequisites
You’ll need the following to integrate Lightstep with OneLogin:
- An admin OneLogin account in an organization with SAML privileges.
- An admin Lightstep user.
- A default user role configured in Lightstep. This is the role that will be assigned to all OneLogin users (you can change it in Lightstep).
Integrate and Configure Lightstep with OneLogin
- From the Admin Portal in OneLogin, add the Lightstep application to your OneLogin account.
- Click on the Lightstep application to configure the application.
- In the upper right, under More Actions, click SAML metadata.
You need an XML blob to configure communication between OneLogin and Lightstep. - Copy the XML blob to your clipboard.
- In Lightstep, navigate to Account Settings.
- Click the SSO tab and paste the blob into the IDP metadata (XML) box.
- Click Save.
ARelayState
value is generated and displayed in the RelayState field. - Copy the
RelayState
value to your clipboard. - Back in OneLogin, go to the Configuration tab and paste
RelayState
value into the Default Relay State field and save.
Enable SSO
When you enable SSO, users can sign into Lightstep either from the OneLogin or from Lightstep. You can assign Lightstep either to roles or to specific users.
To enable SSO for a OneLogin role:
In OneLogin as an admin, go to the Access tab and select the roles to have Lightstep access.
To enable SSO for a OneLogin user:
- In OneLogin as an admin, go to the users page and search for the user you want to assign to Lightstep.
- In their profile, click the Applications tab.
- Click the Plus next to Applications, select Lightstep from the dropdown, and click Continue to give the user access.
Sign In to Lightstep from OneLogin
Once you’ve assigned a user to Lightstep in OneLogin, the Lightstep app displays in their dashboard. They can double-click the icon to log into Lightstep
Sign In to Lightstep from Lightstep
Once you’ve assigned a user to Lightstep in OneLogin, they can also log in directly from Lightstep.
With SSO enabled, users must sign in from the SAML SSO tab.
To sign in from Lightstep
- Navigate to http://app.lightstep.com.
- Click the SAML SSO tab and enter the email used to create the Lightstep user in OneLogin.