You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 2, 2025. It is now read-only.
Copy file name to clipboardExpand all lines: sp-oncall/admin/sso/single-sign-sso.rst
+7-45Lines changed: 7 additions & 45 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,9 +10,10 @@ Configure Single Sign-On for Splunk On-Call
10
10
.. toctree::
11
11
:hidden:
12
12
13
-
sp-sso-okta
14
-
sp-sso-google
15
-
sp-sso-adfs
13
+
Configure SSO for Okta<sp-sso-okta>
14
+
Configure SSO for Google<sp-sso-google>
15
+
Configure SSO for ADFS<sp-sso-adfs>
16
+
Configure SSO for other IDPs<sp-sso-other>
16
17
sp-sso-users
17
18
18
19
.. raw:: html
@@ -36,7 +37,7 @@ If your IDP does not have SAML capability, please contact Splunk On-Call Support
36
37
.. raw:: html
37
38
38
39
<embed>
39
-
<h2>Administrator setup<aname="admin-setup"class="headerlink"href="#admin-setup"title="Permalink to this headline">¶</a></h2>
40
+
<h2>Configure SSO: Admin guides<aname="admin-setup"class="headerlink"href="#admin-setup"title="Permalink to this headline">¶</a></h2>
40
41
</embed>
41
42
42
43
Instructions to complete the SSO configuration with Splunk On-Call and your IDP are provided for:
@@ -50,46 +51,7 @@ Instructions to complete the SSO configuration with Splunk On-Call and your IDP
50
51
.. raw:: html
51
52
52
53
<embed>
53
-
<h3>OneLogin<aname="sso-onelogin-spoc"class="headerlink"href="#sso-onelogin-spoc"title="Permalink to this headline">¶</a></h3>
54
+
<h2>Sign in to Splunk On-Call through SSO: User guide<aname="user-guide"class="headerlink"href="#user-guide"title="Permalink to this headline">¶</a></h2>
54
55
</embed>
55
56
56
-
If you are configuring SSO for OneLogin, the Default relay state is:
<h3>Azure Active Directory (SAML-based sign-on)<aname="sso-azure-spoc"class="headerlink"href="#sso-azure-spoc"title="Permalink to this headline">¶</a></h3>
65
-
</embed>
66
-
67
-
If you are configuring SSO for Azure Active Directory, use the following values:
@@ -35,9 +35,8 @@ To configure SSO for Splunk On-Call using Google Apps:
35
35
:alt:Splunk On-Call SSO Google Apps Setup 5
36
36
37
37
#. In the :guilabel:`Service Provider Details` step, enter the following values:
38
-
- in the :guilabel:`ACS URL` field: :samp:`https://sso.victorops.com:443/sp/ACS.saml2`
39
-
- in the :guilabel:`Entity ID` field: :samp:`victorops.com`
40
-
- in the :guilabel:`Start URL` field, enter the following with the correct Organization Slug at the end: :samp:`https://portal.victorops.com/auth/sso/<<org-slug-here>>.`
41
-
38
+
- In the :guilabel:`ACS URL` field: :samp:`https://sso.victorops.com:443/sp/ACS.saml2`
39
+
- In the :guilabel:`Entity ID` field: :samp:`victorops.com`
40
+
- In the :guilabel:`Start URL` field, enter the following with the correct Organization Slug at the end: :samp:`https://portal.victorops.com/auth/sso/<<org-slug-here>>.`
42
41
43
42
#. Skip the attribute mapping step and select :guilabel:`Finish`.
Copy file name to clipboardExpand all lines: sp-oncall/admin/sso/sp-sso-users.rst
+42-61Lines changed: 42 additions & 61 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,94 +7,75 @@ Sign in to Splunk On-Call with SSO
7
7
.. meta::
8
8
:description: Signing into Splunk On-Call with SSO, in the Web UI or on mobile.
9
9
10
+
Splunk On-Call user can use this topic for steps to log in to Splunk On-Call with SSO. To enable single sign-on (SSO) for your organization see :ref:`single-sign-sso`.
10
11
11
-
12
-
13
-
Requirements
14
-
==================
15
-
16
-
This integration is compatible with the following versions of Splunk On-Call:
17
-
18
-
- Full-Stack
19
-
20
-
To enable single sign-on (SSO) for your organization, you will need to provide an updated metadata file and your IDP. If you are
21
-
interested in setting up SSO, please contact :ref:`Splunk On-Call Support <spoc-support>`.
22
-
23
-
24
-
25
-
Instructions for Users
12
+
Obtain your organization slug
26
13
===============================
27
14
28
-
Organization Slug: The phrase "Organization Slug" refers to the slugified version of your organization's name in Splunk On-Call. This process changes your organization name to a lowercase URL-friendly version with no spaces or punctuation, though it may contain dashes. Your Organization Slug can be found at the end of the URL when you are
29
-
logged into the Splunk On-Call portal via a web browser.
30
-
31
-
Contact your Splunk On-Call administrator or reach out to Splunk On-Call Support if you are having trouble finding your Organization Slug.
15
+
Your organization has a URL-friendly "organization slug" in Splunk On-Call. Find your organization slug at the end of the URL when you are logged into the Splunk On-Call portal in a web browser. Contact your Splunk On-Call administrator or reach out to Splunk On-Call Support if you are having trouble finding your organization slug.
32
16
33
-
A user's login experience on the Splunk On-Call platform will be slightly different after enabling Single Sign-On for your organization. If your organization has not explicitly disabled traditional authentication, users will be able to login as normal with their Splunk On-Call credentials or login via SSO. If traditional authentication has been disabled, users will encounter an error message directing them to login via SSO if they attempt to login with their Splunk On-Call credentials.
34
-
35
-
Web Client UI
36
-
=================
37
-
38
-
The SSO login form can be found at this URL: https://portal.victorops.com/auth/sso
39
-
40
-
Alternatively, you can create a link or bookmark to skip the typing and bypass the form by appending your company ID to the SSO URL, like this: https://portal.victorops.com/auth/sso/<org-slug-here>
17
+
.. _sso-linking:
41
18
42
-
Either of these routes will direct the user's browser to your identity provider, where they will be required to authenticate and are then sent back to the Splunk On-Call timeline.
19
+
First-time SSO log in
20
+
========================
43
21
44
-
Mobile Applications
45
-
=========================
22
+
If your organization is using SSO you need to complete a one-time linking process between your SSO provider and your Splunk On-Call account. This process creates a link between your external user ID and your Splunk On-Call user ID. If you haven't received an email invitation with the subject “Your invitation to Splunk On-Call”, contact your Splunk On-Call administrator and ask them to send you an invitation.
46
23
47
-
The Splunk On-Call client for your mobile device will also present a link on the login screen, offering the option to use your SSO credentials.
24
+
#. When you receive an email to activate your Splunk On-Call account, create your username and password and complete the account set up process. You will be directed into the Splunk On-Call platform.
25
+
#. You need to log out and select :guilabel:`Sign in via SSO”` on the log in page to complete the one-time link process. Verify that you have logged out of Splunk On-Call in every browser you are using and your IDP.
26
+
#. You are prompted to :guilabel:`Enter your Org Slug`.
48
27
49
-
iOS or Android SSO Login
50
-
-------------------------
28
+
.. image:: /_images/spoc/sso.png
29
+
:width:80%
30
+
:alt:Enter your org slug to connect your user ID.
51
31
52
-
On the login screen, select :guilabel:`Sign in with Enterprise SSO`. This link will take you to a form prompting for your Organization Slug. After you enter your company's Organization Slug, you are redirected to your
53
-
IDP login page in a mobile browser. Once you log in through the IDP you are automatically logged into Splunk On-Call.
32
+
#. You are redirected to your IDP page where you log in using your SSO credentials.
54
33
55
-
.. _sso-linking:
34
+
.. image:: /_images/spoc/sso-org2.png
35
+
:width:80%
36
+
:alt:Log in with your SSO credentials.
56
37
57
-
First-Time SSO Login
58
-
========================
38
+
#. Enter your Splunk On-Call username and password. You will only need to enter your Splunk On-Call username and password once.
59
39
60
-
If your organization is using SSO you will need to do a one-time linking process between your SSO provider and your Splunk On-Call account. This will create a link between your external user ID and your Splunk On-Call user ID. If you have not received an email invitation with the subject “Your invitation to Splunk On-Call”, contact your Splunk On-Call administrator and ask them to send you an invitation.
40
+
You are redirected to the Splunk On-Call platform and have finished the one-time SSO linking process.
61
41
62
-
#. When you receive an email to activate your Splunk On-Call account, create your username and password and complete the account set up process. You will be directed into the Splunk On-Call platform.
63
-
#. You need to log out and select :guilabel:`Sign in via SSO”` on the login page to perform the one-time link. Verify that you have logged out of Splunk On-Call in every browser you are using and your IDP.
64
-
#. You are prompted to :guilabel:`Enter your Org Slug`.
42
+
How to break your SSO linkage
43
+
-------------------------------
65
44
45
+
If you are receiving an error when trying to log in to Splunk On-Call through SSO you may need to break the linkage between your Splunk On-Call username and password and your SSO provider.
66
46
67
-
.. image:: /_images/spoc/sso.png
68
-
:width:100%
69
-
:alt:Enter your org slug to connect your user ID.
47
+
To break the linkage, ensure you are signed in to your IDP and then paste the following link into the address bar of your browser: :samp:`https://portal.victorops.com/do-defederation`. If the link between your Splunk On-Call credentials and your SSO provider is successfully broken, you will see the following message.
70
48
71
-
#. You are redirected to your IDP page where you log in using your SSO credentials.
49
+
.. image:: /_images/spoc/sso-org3.png
50
+
:width:80%
51
+
:alt:VictorOps broken SSO linkage screen
72
52
53
+
.. note:: You might have to paste the defederation link into your browser multiple times before the message appears.
73
54
74
-
.. image:: /_images/spoc/sso-org2.png
75
-
:width:100%
76
-
:alt:Log in with your SSO credentials.
77
55
78
-
#. Enter your Splunk On-Call username and password. You will only need to enter your Splunk On-Call username and password once, and then we will not ask for it again.
56
+
To re-associate your Splunk On-Call username and password with your SSO provider, repeat the linking steps in :ref:`sso-linking`.
79
57
80
-
You are redirected to the Splunk On-Call platform and have finished the one-time SSO linking process.
58
+
Your login experience
59
+
=========================
81
60
61
+
Your log in experience on the Splunk On-Call platform is different after enabling Single Sign-On for your organization. If your organization has not explicitly disabled traditional authentication, you will be able to log in as normal with your Splunk On-Call credentials or log in through SSO. If traditional authentication has been disabled, you will see an error message to login through SSO if you attempt to login with your Splunk On-Call credentials.
82
62
83
-
How to break your SSO linkage
84
-
==========================================
63
+
Web Client UI
64
+
----------------
85
65
86
-
If you are receiving an error when trying to log into Splunk On-Call through SSO you may need to break the linkage between your Splunk On-Call username and password and your SSO provider.
66
+
The SSO log in form can be found at this URL: https://portal.victorops.com/auth/sso
87
67
88
-
To break the linkage, ensure you are signed in to your IDP and then paste the following link into the address bar of your browser: :samp:`https://portal.victorops.com/do-defederation` . If the link between your Splunk On-Call credentials and your SSO provider is successfully broken, you will see the error, shown below.
68
+
Alternatively, you can create a link or bookmark to bypass the SSO form. To do so, append your organization slug to the SSO URL, like this: ``https://portal.victorops.com/auth/sso/<org-slug-here>``
89
69
90
-
.. note:: You may have to paste the defederation link into your browser multiple times before the below error message will appear.
70
+
Either of these routes will direct your browser to your identity provider, where you are required to authenticate and are then sent back to the Splunk On-Call timeline.
91
71
72
+
Mobile Applications
73
+
----------------------
92
74
93
-
.. image:: /_images/spoc/sso-org3.png
94
-
:width:100%
95
-
:alt:VictorOps broken SSO linkage screen
75
+
The Splunk On-Call client for your mobile device also presents a link on the log in screen offering the option to use your SSO credentials.
96
76
97
-
To re-associate your Splunk On-Call username and password with your SSO provider, repeat the linking steps in :ref:`sso-linking`.
77
+
iOS or Android SSO log in
78
+
-------------------------
98
79
99
-
If you have any questions or experience any issues, contact Splunk On-Call Support.
80
+
On the log in screen, select :guilabel:`Sign in with Enterprise SSO`. This link takes you to a form prompting you for your organization slug. After you enter your company's organization slug, you are redirected to your IDP log-in page in a mobile browser. Once you log in through the IDP you are automatically logged into Splunk On-Call.
0 commit comments