Multi Sign-On

LogicMonitor’s Multi Sign-On solution enables administrators to add multiple tenants (IdPs) and manage users directly from their Identity Provider (IdP). This simplifies the login process and password management while providing the ability to take advantage of all of your IdP’s security features and efficiencies.

Note: To enable the Multi Sign-on feature, contact your Customer Success Manager (CSM).

Enabling Multi Sign-on

  1. Login to the LogicMonitor portal with admin rights.

  2. Navigate to Settings > User Access > Single Sign On.

  3. Select the Enable Single Sign On option to view Multi IdP support.

  4. Select Multi IdP support for providing access to multiple tenants.

  5. Click Download Service Provider Metadata.

  6. Click Add to add tenant information.
    A form will be displayed to enter the following tenant details:
  • Tenant Name – (Required) Enter the name of the tenant.

  • Email/Domain Name – (Required) Enter the email or domain name of the tenant.

Note: You can provide a list of multiple domains in comma-separated format. For example, abc.com,pqr.com,xyz.com

  • Default Role Assignment – (Required) Enter the required role for the tenant.

  • Identity Provider Metadata – (Optional) You can upload the identity provider metadata of the tenant.

  • Enable SSO: (Optional) Select the Enable SSO option if you want the tenant to use the Single Sign-On option.

Note: Only when you select the Enable SSO option, Enable Single Layout and Set as Default options are enabled for selection.

  • Allow users to remain signed in to mobile for – (Optional) You can select the number of days for the user to remain signed in to mobile from the drop-down list.

  • Click Save to save the details of the tenants.

Note: If you change the Multi Sign-On to Single Sign-On, the default IdP is set as the primary IdP, and other tenants are disabled. 

You must select at least one tenant to set as default IdP.

  1. Enable or disable the following options from the table grid:
    • Enable SSO
    • Enable SLO
    • Set as Default



  2. Click Save.

Note: You must at least have one tenant while enabling Multi IdP support.

Editing or Deleting Tenant IdPs

  1. Login to the LogicMonitor portal with admin rights.

  2. Navigate to Settings > User Access > Single Sign On.

  3. Select the Enable Single Sign On option to view Multi IdP support.

  4. Select Multi IdP support for providing access to multiple tenants.

  5. Click Edit or Delete on the extreme right side of the row, to edit or delete the tenant details.


Example

If you want to set up Single Sign-On for multiple tenants. You can enable the Multi IdP support option from the User Access page.

Once you enable Multi Idp support, the user will see the following login page:

The user can click Login with Single Sign-On to get redirected to the User Domain page.

Note: The user must provide the Email ID/ Domain Name provided while configuring tenants.
In addition, the RestrictSSO option becomes unavailable, once you enable the Multi Idp support option. The RestrictSSO option is only available in the Single Sign-On feature.