LogicMonitor seeks to disrupt AI landscape with $800M strategic investment at $2.4B valuation to revolutionize data centers.

Learn More

    Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

    Get to know us
    Services

      Resources

      Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

    Learn

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

    Support

    Product Documentation

    Configuring the Azure Active Directory SSO Integration

    Last updated on 21 October, 2024

    Overview

    Before you can use the Microsoft Azure Active Directory (AD) IdP for Single Sign On (SSO), you must add the LogicMonitor app to Azure AD and configure the SSO integration.

    Adding the LogicMonitor App to Azure AD

    1. Sign in to the Azure portal and navigate to Azure Active Directory.
    2. On the left navigation pane, select Enterprise applications and then select All applications.
    3. Select New application.
    4. From the Browse Azure AD Gallery page, enter “LogicMonitor” in the Search application field.
    5. Select LogicMonitor from the results and then click Create.
    Azure AD SSO page

    The app is added to your tenant.

    Configuring Azure AD SSO for LogicMonitor

    1. In the Azure portal, navigate to the LogicMonitor app you just added.
    2. Click Set up single sign on.
    Setup SSO for Azure AD page
    1. From the Users and groups page, add the users or user groups that will use SSO to log in to your LogicMonitor portal.
    2. Select SAML as the single sign on method.
    3. From the Basic SAML Configuration pane, click Edit.
    4. Enter the following information:
      • Identifier (Entity ID)—The URL of your LogicMonitor portal
      • Reply URL (Assertion Consumer Service URL)—The following URL, replacing “yourportalname” with the correct name of your LogicMonitor portal: https://yourportalname.logicmonitor.com/santaba/saml/SSO/
      • Sign on URL— For more information, see the Entering the Sign on URL section.
    Basic SAML configuration page
    1. Click Save.
    2. Select the User Attribute & Claims.
    3. Select Add a group claim.
    4. Select the group options. For information on group options, see Add group claims to tokens for SAML applications using SSO configuration.
    5. You can configure group claim to include the group display name for the cloud-only groups. For more information, see Emit cloud-only group display name in token.
    1. Click Save.
    2. Download the Federation Metadata XML file.

    For information on how to configure SSO if you are using Microsoft Azure Active Directory (AD) IdP, see Single Sign On.

    Entering the Sign-On URL

    Use case 1: Disabled Multi Idp Support

    If you have disabled the Multi Idp support option, enter one of the following URLs in the Sign-on URL field:

    https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=&url=
    or
    https://COMPANYNAME.logicmonitor.com/santaba/saml/login
    or
    https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=USERDOMAIN&url=

    Azure Sign in URL

    Use case 2: Enabled Multi Idp Support

    If you have enabled the Multi Idp support in Settings > User Access > Single Sign On. Enter the following URL in the Sign-on URL field:
    https://COMPANYNAME.logicmonitor.com/santaba/saml/login?userDomain=USERDOMAIN&url=

    Azure SSO Sign-in URL use case 2

    Note: The <userDomain> must match with the domain name mentioned in the LogicMonitor SSO configuration.

    Azure SSO User Access page

    Configuring LogicMonitor SSO for Azure AD

    1. In the LogicMonitor portal, navigate to Single Sign On from the Settings menu.
    2. Select the Enable Single Sign On checkbox.
    3. Select a role from the Default Role Assignment dropdown menu.
    4. From the Identity Provide Metadata, click Upload and select the XML file you downloaded in the previous section.
    5. (Optional) To force users to authenticate using SSO, select the Restrict Single Sign On checkbox.
    6. (Optional) Select a number of days to allow users to remain signed in for.
    7. (Optional) Enable Single Logout (SLO).
    8. Click Save.

    Testing the Integration

    1. In the Azure portal, select Single sign on from the left navigation pane.
    2. From the Test single sign on with LogicMonitor panel, click Test.
    3. Select Sign in as someone else.
    Test SSO for Azure AD page
    1. When prompted, log in as a user who was assigned the LogicMonitor app in Azure AD.

    If the integration was configured correctly, the user is logged in to the LogicMonitor portal and a new user is created in LogicMonitor with the default role you selected in the previous section.

    In This Article