Join fellow LogicMonitor users at the Elevate Community Conference and get hands-on with our latest product innovations.

Register Now

Platform

Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

Platform Overview
Infrastructure Monitoring
Cloud Monitoring
Digital Experience
AIOPS

Solutions

Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

Solutions Overview
By Initiative
By Industry

Resources

Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

View Resources
Learn

About us

Get to know LogicMonitor and our team.

About us
Get to know us
Services

Documentation

Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

View Resources
Support
TRY IT FREE
ON DEMAND DEMO

Product Documentation

Configuring the Azure Active Directory SSO Integration

Last updated on 21 October, 2024

Overview

Before you can use the Microsoft Azure Active Directory (AD) IdP for Single Sign On (SSO), you must add the LogicMonitor app to Azure AD and configure the SSO integration.

Adding the LogicMonitor App to Azure AD

  1. Sign in to the Azure portal and navigate to Azure Active Directory.
  2. On the left navigation pane, select Enterprise applications and then select All applications.
  3. Select New application.
  4. From the Browse Azure AD Gallery page, enter “LogicMonitor” in the Search application field.
  5. Select LogicMonitor from the results and then click Create.
Azure AD SSO page

The app is added to your tenant.

Configuring Azure AD SSO for LogicMonitor

  1. In the Azure portal, navigate to the LogicMonitor app you just added.
  2. Click Set up single sign on.
Setup SSO for Azure AD page
  1. From the Users and groups page, add the users or user groups that will use SSO to log in to your LogicMonitor portal.
  2. Select SAML as the single sign on method.
  3. From the Basic SAML Configuration pane, click Edit.
  4. Enter the following information:
    • Identifier (Entity ID)—The URL of your LogicMonitor portal
    • Reply URL (Assertion Consumer Service URL)—The following URL, replacing “yourportalname” with the correct name of your LogicMonitor portal: https://yourportalname.logicmonitor.com/santaba/saml/SSO/
    • Sign on URL— For more information, see the Entering the Sign on URL section.
Basic SAML configuration page
  1. Click Save.
  2. Select the User Attribute & Claims.
  3. Select Add a group claim.
  4. Select the group options. For information on group options, see Add group claims to tokens for SAML applications using SSO configuration.
  5. You can configure group claim to include the group display name for the cloud-only groups. For more information, see Emit cloud-only group display name in token.
  1. Click Save.
  2. Download the Federation Metadata XML file.

For information on how to configure SSO if you are using Microsoft Azure Active Directory (AD) IdP, see Single Sign On.

Entering the Sign-On URL

Use case 1: Disabled Multi Idp Support

If you have disabled the Multi Idp support option, enter one of the following URLs in the Sign-on URL field:

https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=&url=
or
https://COMPANYNAME.logicmonitor.com/santaba/saml/login
or
https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=USERDOMAIN&url=

Azure Sign in URL

Use case 2: Enabled Multi Idp Support

If you have enabled the Multi Idp support in Settings > User Access > Single Sign On. Enter the following URL in the Sign-on URL field:
https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=USERDOMAIN&url=

Azure SSO Sign-in URL use case 2

Note: The <userDomain> must match with the domain name mentioned in the LogicMonitor SSO configuration.

Azure SSO User Access page

Configuring LogicMonitor SSO for Azure AD

  1. In the LogicMonitor portal, navigate to Single Sign On from the Settings menu.
  2. Select the Enable Single Sign On checkbox.
  3. Select a role from the Default Role Assignment dropdown menu.
  4. From the Identity Provide Metadata, click Upload and select the XML file you downloaded in the previous section.
  5. (Optional) To force users to authenticate using SSO, select the Restrict Single Sign On checkbox.
  6. (Optional) Select a number of days to allow users to remain signed in for.
  7. (Optional) Enable Single Logout (SLO).
  8. Click Save.

Testing the Integration

  1. In the Azure portal, select Single sign on from the left navigation pane.
  2. From the Test single sign on with LogicMonitor panel, click Test.
  3. Select Sign in as someone else.
Test SSO for Azure AD page
  1. When prompted, log in as a user who was assigned the LogicMonitor app in Azure AD.

If the integration was configured correctly, the user is logged in to the LogicMonitor portal and a new user is created in LogicMonitor with the default role you selected in the previous section.

In This Article

Start Your Trial

Full access to the LogicMonitor platform.
Comprehensive monitoring and alerting for unlimited devices.