Lightstep Observability provides an integration with OneLogin that allows OneLogin to handle user authentication. Once you integrate with OneLogin and configure for single sign on (SSO), users can sign in to Lightstep Observability either from OneLogin (IdP-initiated) or Lightstep Observability (SP-Initiated).

Supported features

Lightstep Observability currently supports the following SAML features:

  • IdP-initiated SSO: Users log into OneLogin and then select the Lightstep Observability app and are signed in.
  • SP-initiated SSO: Users log into Lightstep Observability and OneLogin authenticates the user.
  • JIT (Just In Time) Provisioning: Once the user is assigned to Lightstep Observability in OneLogin, they can provision a new Lightstep Observability account upon first login.

Prerequisites

You’ll need the following to integrate Lightstep Observability with OneLogin:

Integrate and configure Lightstep Observability with OneLogin

  1. From the Admin Portal in OneLogin, add the Lightstep Observability application to your OneLogin account.
  2. Click on the Lightstep Observability application to configure the application. Lightstep Observability app in OneLogin
  3. In the upper right, under More Actions, click SAML metadata.
    You need an XML blob to configure communication between OneLogin and Lightstep.SAML page in OneLogin
  4. Copy the XML blob to your clipboard.
  5. In Lightstep Observability, navigate to Account Settings.Account Settings in nav bar
  6. Click the SSO tab and paste the blob into the IDP metadata (XML) box.SSO configuration in Lightstep Observability
  7. Click Save.
    A RelayState value is generated and displayed in the RelayState field.
  8. Copy the RelayState value to your clipboard.RelayState value in Lightstep Observability
  9. Back in OneLogin, go to the Configuration tab and paste RelayState value into the Default Relay State field and save.RelayState in OneLogin

Enable SSO

When you enable SSO, users can sign into Lightstep Observability either from the OneLogin or from Lightstep Observability. You can assign Lightstep Observability either to roles or to specific users.

To enable SSO for a OneLogin role:
In OneLogin as an admin, go to the Access tab and select the roles to have Lightstep Observability access.Assign roles to Lightstep Observability in OneLogin

To enable SSO for a OneLogin user:

  1. In OneLogin as an admin, go to the users page and search for the user you want to assign to Lightstep Observability.User listing in OneLogin
  2. In their profile, click the Applications tab. User profile page in OneLogin
  3. Click the Plus next to Applications, select Lightstep Observability from the dropdown, and click Continue to give the user access.Add Lightstep Observability to a profile

Sign in to Lightstep Observability from OneLogin

Once you’ve assigned a user to Lightstep Observability in OneLogin, the Lightstep app displays in their dashboard. They can double-click the icon to log into LightstepOneLogin dashboard with Lightstep app

Sign in to Lightstep from Lightstep

Once you’ve assigned a user to Lightstep in OneLogin, they can also log in directly from Lightstep.

With SSO enabled, users must sign in from the SAML SSO tab.

To sign in from Lightstep Observability

  1. Navigate to http://app.lightstep.com.
  2. Click the SAML SSO tab and enter the email used to create the Lightstep Observability user in OneLogin.Lightstep Observability sign in from SAML tab