Single Sign-On with AWS
Logz.io offers a quick integration for SSO with AWS.
Request SSO access from Logz.io
Only account admins can request single sign-on access for their accounts.
To set up your AWS SSO, you'll first need to email help@logz.io and write that you want to set up AWS SAML SSO for Logz.io.
Include these items in the message:
- Your Logz.io account ID.
- The last six characters of your account token
The Support team will respond with the connection information needed to set up your AWS SSO.
Set a custom SAML app in AWS
Log into your AWS SSO dashboard.
Click on Applications located on the left-hand menu. Then, click on Add a new application > Add a custom SAML application.
Name your application and give it a short description. Then, download the AWS SSO certificate.
Under Application properties, enter the Application start URL given to you by Logz.io, and set the Session duration to 12 hours.
Next, in Application metadata, click on the link located underneath the browse button. Enter the ACS URL and Application SAML audience given to you by Logz.io support. You'll need to paste the Single Sign-on URL to the Application ACS URL, and Audience URI to Application audience.
Click on the Attribute mappings tab.
Add a new attribute called email and the variable ${user:email}.
To configure groups you'll need to add another attribute mapping called groups and the variable ${user:groups}.
Read more about attribute mapping for AWS.
Click on Save changes to create your app.
Send your SAML details to Logz.io
Draft a new email to Support, and include these items:
- Your zipped SAML Signing Certificate.
- Your AWS SSO sign-in URL.
When Support has received the information and created your AWS + Logz.io connection, you'll receive confirmation that your AWS SSO is ready to go, and you can start logging in to Logz.io through your AWS account.
Assign users to Logz.io's SSO connection
In your main SAML application you've just created, navigate to the Assigned users tab and click on Assign users. Here you can choose and add all relevant users from your organization who can use your new SSO connection.
Users must also have a Logz.io account to use the new SSO feature.
