Alert Logic® uses Auth0 as the service provider for SAML single sign-on (SSO) federations. The following values are required by Auth0 to configure a new SAML SSO federation via an identity provider:
- Requestor and Identity Provider: The company or party that is requesting the new SAML SSO federation, as well as the identity provider. Example: Acme Company, Okta or Acme Company, custom identity provider.
- SSO URL: Also referred to as the SAML Customer URL, SAML Callback URL, or Identity Provider Login URL. This is the identity provider URL that SAML requests will be sent to.
- Single Log Out URL: Auth0 enforces Single Log Out, but an identity provider does not always have a dedicated Single Log Out URL. If none is provided, Auth0 defaults to using the SSO URL.
Note: As of now, there is no way to set up SAML through the Alert Logic user interface. To use a SAML provider, create a ticket with Alert Logic Support and include the information above. The completion of this process can take up to 28 days.
- The NameID in the SAML exchange should be a user's email address.
- There is no automatic provisioning of user accounts at this time. A user identified by the email address must already exist in the product in order to log in successfully.
- In order to log in to an Alert Logic product using a SAML SSO federation, the login must be initiated by the customer identity provider.
- Any user that is authenticated by the identity provider must exist in the top-level customer account of the requestor or in a descendant customer account of the top-level customer account.
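Before opening the support ticket, the values listed at the top of this page can be collected from your identity provider's SAML 2.0 metadata, and the email NameID requirement can be checked against a test assertion. The following is an added example, not Alert Logic or Auth0 code; the function names, the `idp.example.com` host, and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample IdP metadata (hypothetical host, no Single Log Out endpoint).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample assertion fragment, reduced to the Subject for the NameID check.
SAMPLE_ASSERTION = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
                    "<saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID>"
                    "</saml:Subject></saml:Assertion>")

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def _parse(xml_text):
    # SAML documents never need a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not allowed")
    return ET.fromstring(xml_text)


def ticket_values(requestor, idp_name, metadata_xml):
    """Collect the values the support ticket needs from IdP metadata."""
    idp = _parse(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = idp.find("md:SingleSignOnService", NS)
    if sso is None or not sso.get("Location"):
        raise ValueError("metadata has no SingleSignOnService Location")
    slo = idp.find("md:SingleLogoutService", NS)
    has_slo = slo is not None and bool(slo.get("Location"))
    # With no dedicated Single Log Out URL, the SSO URL is used, as described above.
    return {"requestor": requestor, "identity_provider": idp_name,
            "sso_url": sso.get("Location"),
            "slo_url": slo.get("Location") if has_slo else sso.get("Location"),
            "slo_is_fallback": not has_slo}


def nameid_is_email(assertion_xml):
    """True when the assertion's Subject NameID looks like an email address."""
    node = _parse(assertion_xml).find("saml:Subject/saml:NameID", NS)
    return node is not None and bool(EMAIL_RE.match((node.text or "").strip()))
```
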