Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    Configuring the Azure Active Directory SSO Integration

    Last updated on 04 January, 2024

    Overview

    Before you can use the Microsoft Azure Active Directory (AD) IdP for Single Sign On (SSO), you must add the LogicMonitor app to Azure AD and configure the SSO integration.

    Adding the LogicMonitor App to Azure AD

    1. Sign in to the Azure portal and navigate to Azure Active Directory.
    2. On the left navigation pane, select Enterprise applications and then select All applications.
    3. Select New application.
    4. From the Browse Azure AD Gallery page, enter “LogicMonitor” in the Search application field.
    5. Select LogicMonitor from the results and then click Create.

    The app is added to your tenant.

    Configuring Azure AD SSO for LogicMonitor

    1. In the Azure portal, navigate to the LogicMonitor app you just added.
    2. Click Set up single sign on.
    1. From the Users and groups page, add the users or user groups that will use SSO to log in to your LogicMonitor portal.
    2. Select SAML as the single sign on method.
    3. From the Basic SAML Configuration pane, click Edit.
    4. Enter the following information:
      • Identifier (Entity ID)—The URL of your LogicMonitor portal
      • Reply URL (Assertion Consumer Service URL)—The following URL, replacing “yourportalname” with the correct name of your LogicMonitor portal: https://yourportalname.logicmonitor.com/santaba/saml/SSO/
      • Sign on URL— For more information, see the Entering the Sign on URL section.
    1. Click Save.
    2. From the User Attribute & Claims panel, click Edit.
    3. Select Add a group claim.
    4. Select Security groups.
    5. From the Advanced options settings, select the Customize the name of the group claim and Emit groups as role claims checkboxes.
    1. Click Save.
    2. Download the Federation Metadata XML file.

    For information on how to configure SSO if you are using Microsoft Azure Active Directory (AD) IdP, see Single Sign On.

    Entering the Sign-On URL

    Use case 1: Disabled Multi Idp Support

    If you have disabled the Multi Idp support option, enter one of the following URLs in the Sign-on URL field:

    https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=&url=
    or
    https://COMPANYNAME.logicmonitor.com/santaba/saml/login
    or
    https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=USERDOMAIN&url=

    Azure Sign in URL

    Use case 2: Enabled Multi Idp Support

    If you have enabled the Multi Idp support in Settings > User Access > Single Sign On. Enter the following URL in the Sign-on URL field:
    https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=USERDOMAIN&url=

    Azure SSO Sign-in URL use case 2

    Note: The <userDomain> must match with the domain name mentioned in the LogicMonitor SSO configuration.

    Azure SSO User Access page

    Configuring LogicMonitor SSO for Azure AD

    1. In the LogicMonitor portal, navigate to Single Sign On from the Settings menu.
    2. Select the Enable Single Sign On checkbox.
    3. Select a role from the Default Role Assignment dropdown menu.
    4. From the Identity Provide Metadata, click Upload and select the XML file you downloaded in the previous section.
    5. (Optional) To force users to authenticate using SSO, select the Restrict Single Sign On checkbox.
    6. (Optional) Select a number of days to allow users to remain signed in for.
    7. (Optional) Enable Single Logout (SLO).
    8. Click Save.

    Testing the Integration

    1. In the Azure portal, select Single sign on from the left navigation pane.
    2. From the Test single sign on with LogicMonitor panel, click Test.
    3. Select Sign in as someone else.
    1. When prompted, log in as a user who was assigned the LogicMonitor app in Azure AD.

    If the integration was configured correctly, the user is logged in to the LogicMonitor portal and a new user is created in LogicMonitor with the default role you selected in the previous section.

    In This Article