SSO with SAML

Navigate to your administration panel and navigate to applications. Click on Add App button and choose Coralogix.

Choose a name to display (default is Coralogix), add a description if you'd like, and Save.

Coralogix also supports IdP-initiated flow enabling direct connection to Coralogix from your Onelogin App portal. To enable, once our connector is saved, go to Configuration and insert your Coralogix account company ID (in your Coralogix account, go to Settings > Send your data) into the RelayState dialog box. Click Save.

Download the SAML Metadata XML file.

Upload the metadata file to our web app via Settings -> Configure SAML.

Navigate to Applications and select Add App.

Search for and select SAML Test Connector (IdP).

Go to Configuration and add the details according to the following example. This particular example is for an EU2-based team.

Click Save. The newly prepared XML configuration may be uploaded to the relevant Coralogix team.

Create a new SAML 2.0 app integration. In Okta, navigate to Applications > Create App Integration > SAML 2.0. Click Next.

In General Settings, enter the App name used by Okta to display the application name to users (e.g., "Coralogix Production").

In Coralogix, navigate to Settings > Configure SAML.

• Single sign-on URL > Assertion Consumer Service URL
• Audience URI (SP Entity ID) > Service Provider Entity ID/Audience
• Default RelayState > <Company ID or Name of your Coralogix team>
• Name ID Format should be set to EmailAddress

Once complete, click Next and complete the last stage. Click Finish.

Scroll down to SAML Signing Certificate, click on the Actions drop-down menu and select "View IdP metadata". Copy the metadata into a text file and save it as .xml.

Returning to the Coralogix SAML configuration, you must upload the file you just created by clicking Choose file and selecting it from where it was saved.

Note: You can change the Default Groups on first Sign-in to the group that you want to be assigned to users by default.

Enter https://portal.azure.com/.

After logging into Azure, go to Azure Active Directory tab.

Select Enterprise applications service.

Choose 'New application'.

Choose 'Non-gallery application'.

Name it (for example, CoralogixSSO) and click Add.

Go to Configure single sign-on.

Select SAML-based Sign-on as the SSO mode.

Next, you will need to add Coralogix service provider details to the configuration in Azure as follows:
From Coralogix web app, go to Settings -> Configure SAML. Configure the following:
    * Service Provider Entity ID/Audience 
    * Assertion Consumer Service URL
In the Azure portal (example paths):

If you would like to log in to a specific Coralogix team or account from your Azure SSO app directly, add the Coralogix team name to the Relay State option, as part of your basic SSO configuration.

Choose 'user.mail' as the value for User Identifier.

At the bottom of the page in step 5, click Configure CoralogixSSO.

Scroll down to step 3 of the 'Configure CoralogixSSO for SSO section, and download the file named SAML XML Metadata.

Scroll up to the top of the SSO Configuration section and click Save.

Upload the metadata file to Coralogix web app via Settings > Configure SAML.

Enter Coralogix.com --> Login and insert your team name.

In the next window, choose SSO login (for example, SIGN IN WITH GOOGLE) to log as a user.

If the username you used to log in was used with Coralogix in the past (for example, the administrator wanted to block the access and removed the username), then it will be required by the administrator to approve it. In that case a request was sent to your administrator, wait for his invitation email.

Join request received by the administrator:

Administrator panel after receiving join request from a user, click Approve to send an invitation to the user.

Invitation sent to you:

Now you can enter Coralogix with SAML SSO.

Finalize any additional configuration or verification needed on Coralogix’s side.

Keycloak is an open-source identity and access management solution offering single sign-on (SSO) capabilities. It allows users to authenticate across multiple applications using a single set of credentials. Integrating Keycloak with Coralogix via SAML enhances security, streamlines user authentication, and centralizes identity management. This integration enables users to securely access Coralogix with their existing Keycloak credentials, simplifying access control and enhancing the overall user experience.

In the Keycloak admin console, create a new realm or use an existing one for the integration.

Export SAML 2.0 identity provider metadata.

• In the Keycloak admin console, navigate to Configure > Realm Settings.
• Click SAML 2.0 Identity Provider Metadata.
• Save the metadata as an XML file to be used for Coralogix configuration later.

Create a new client.

• Go to Clients > Clients List and click Create.
  • Client type: SAML
  • Client ID: <your_CX_team_service_provider_metadata_URL>
  • Name: Coralogix (or any other meaningful name)
  • Description (optional)
• Configure client settings.
  • Root URL: <your_CX_team_URL>
  • Home URL: <your_CX_team_URL>
  • Valid redirect URIs: <your_assertion_URL>
  • Valid post logout redirect URIs: <your_CX_team_URL>
  • IdP-initiated SSO URL name: leave empty
  • IDP Initiated SSO Relay State: <your_team_ID_number><Your Team ID number>
  • Master SAML Processing URL: <Your CX Team Service Provider Metadata URL>
• Adjust SAML capabilities.
  • After saving your changes, go to the Settings tab.
  • Under SAML capabilities, change the Name ID format to email.
• Configure signature and encryption.
  • In the Signature and Encryption section, enable Sign assertions.
• Replace the default certificate.
  • Go to the Keys tab.
  • Verify that the Client signature required option is enabled.
  • Replace the existing certificate with the PEM certificate (public key) provided by Coralogix.
  • Important: This certificate contains the public key for Coralogix, used in SAML integrations to verify the identity of Coralogix and ensure secure, authenticated communication.

-----BEGIN CERTIFICATE-----
MIIDUTCCAjmgAwIBAgIUTnz0Hc7WgtSevnVoflIIrEQGWIMwDQYJKoZIhvcNAQEL
BQAwODESMBAGA1UECgwJQ29yYWxvZ2l4MRAwDgYDVQQLDAdTU08gS2V5MRAwDgYD
VQQDDAdTU08gS2V5MB4XDTI1MDcwNzA4MTAwMVoXDTI2MDcwNzA4MTAwMVowODES
MBAGA1UECgwJQ29yYWxvZ2l4MRAwDgYDVQQLDAdTU08gS2V5MRAwDgYDVQQDDAdT
U08gS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5NEDeVE1fJp
m3MhoO9oDVXHgHio49EX7v3mljhQgLM+9JJwkUOotxrHDaOmCsn6wYJqWjZX/a29
NfavGR7+rDRb73V2GAJuBllE5E10BQG0rrBVfh+kHe1JV/9fXh2JrORhfpO30lXf
pY4H8OD3ViwCqxt1Icl7yiQn16h0IWgvi1mtULz4LafaZ3P0qxgGjwGEyX1qtHmj
HFfasvbagFnv/nKpcq3VnTrrgc/DloCg/qOGmIBHr2vzhEj2KO1WISu1ze7Umm1g
gM0xvoV5LHHYKygeui1qxRZ2rmPcvL3KYjFbJ9OYAmeTjS0YtvnwLYmQVk3LWsn+
p2Z7GlEByQIDAQABo1MwUTAdBgNVHQ4EFgQUw9ZCqsREOb50UFtmLBwo4CD6Fp8w
HwYDVR0jBBgwFoAUw9ZCqsREOb50UFtmLBwo4CD6Fp8wDwYDVR0TAQH/BAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAobBC38kPge59hDwONtILdV5LhnFXhV+rruBl
60rtD1Hr6x5HDLCROk7sCVd8t8fM0CSu0UAEs4mJZkUUmiOsEGMOAUlS/IqSUgdm
yyq6BSWK64sjsWlUae77u7LtfGbSZizhpqFDgUUi6jWnvkXKScuBb4TlhAsUBSD5
UtWSHLXokdT5TwO+Xh0JBetbzO7ozL/JE0D8O429mDVE2RK5KUj0VgPU/lzTJ8hU
DgHvyrwhJu6Ew/vrMs+FUHwiS4jw9G8ve1TlimmjQhDtbrkAO5d0FygF/CXEZuX0
irsxb1dTWS8oK0bmpDKdaXCShNukLkhiejntXhaLFBIa0TK3WQ==
-----END CERTIFICATE-----

• Configure roles.
• Go to Roles and create a new default role.
• Add the necessary users/groups to this role.
• Save the client configuration.

In Coralogix platform, navigate to Settings > Account > Configure SAML and activate SAML.

Upload the Keycloak Identity Provider Metadata XML file that was exported earlier.

Finalize any additional configuration or verification needed on Coralogix’s side.