Lightstep Observability provides an integration with OneLogin that allows OneLogin to handle user authentication. Once you integrate with OneLogin and configure for single sign on (SSO), users can sign in to Lightstep Observability either from OneLogin (IdP-initiated) or Lightstep Observability (SP-Initiated).
Lightstep Observability currently supports the following SAML features:
- IdP-initiated SSO: Users log into OneLogin and then select the Lightstep Observability app and are signed in.
- SP-initiated SSO: Users log into Lightstep Observability and OneLogin authenticates the user.
- JIT (Just In Time) Provisioning: Once the user is assigned to Lightstep Observability in OneLogin, they can provision a new Lightstep Observability account upon first login.
You’ll need the following to integrate Lightstep Observability with OneLogin:
- An admin OneLogin account in an organization with SAML privileges.
- An admin Lightstep Observability user.
- A default user role configured in Lightstep Observability. This is the role that will be assigned to all OneLogin users (you can change it in Lightstep Observability).
Integrate and configure Lightstep Observability with OneLogin
- From the Admin Portal in OneLogin, add the Lightstep Observability application to your OneLogin account.
- Click on the Lightstep Observability application to configure the application.
- In the upper right, under More Actions, click SAML metadata.
You need an XML blob to configure communication between OneLogin and Lightstep.
- Copy the XML blob to your clipboard.
- In Lightstep Observability, navigate to Account Settings.
- Click the SSO tab and paste the blob into the IDP metadata (XML) box.
- Click Save.
RelayStatevalue is generated and displayed in the RelayState field.
- Copy the
RelayStatevalue to your clipboard.
- Back in OneLogin, go to the Configuration tab and paste
RelayStatevalue into the Default Relay State field and save.
When you enable SSO, users can sign into Lightstep Observability either from the OneLogin or from Lightstep Observability. You can assign Lightstep Observability either to roles or to specific users.
To enable SSO for a OneLogin role:
In OneLogin as an admin, go to the Access tab and select the roles to have Lightstep Observability access.
To enable SSO for a OneLogin user:
- In OneLogin as an admin, go to the users page and search for the user you want to assign to Lightstep Observability.
- In their profile, click the Applications tab.
- Click the Plus next to Applications, select Lightstep Observability from the dropdown, and click Continue to give the user access.
Sign in to Lightstep Observability from OneLogin
Once you’ve assigned a user to Lightstep Observability in OneLogin, the Lightstep app displays in their dashboard. They can double-click the icon to log into Lightstep
Sign in to Lightstep from Lightstep
Once you’ve assigned a user to Lightstep in OneLogin, they can also log in directly from Lightstep.
With SSO enabled, users must sign in from the SAML SSO tab.
To sign in from Lightstep Observability
- Navigate to http://app.lightstep.com.
- Click the SAML SSO tab and enter the email used to create the Lightstep Observability user in OneLogin.