SignalFx

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for SignalFx using SAML.

About SignalFx

SignalFx is a SaaS-based monitoring and analytics platform that allows the customers to visualize issues and work with dashboards, analytics, and alerts on their data.

After integrating SignalFx with Oracle Identity Cloud Service:

  • Users can access SignalFx using their Oracle Identity Cloud Service login credentials.
  • Users can start SignalFx using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the SignalFx app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A SignalFx account with authorization rights to configure federated authentication.
  • Identity Provider metadata. You can use the following URL to access the metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata and save the metadata in a text file. Use this file later during SignalFx configuration in the "Configuring SSO for SignalFx" section.

Obtaining the Identity Provider Signing Certificate

Use this section to obtain the Identity Provider Signing Certificate content to be used during SignalFx configuration.

  1. Use the following URL to access the identity provider metadata: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata.

  2. In the metadata file, locate the dsig:X509Certificate tag.

  3. Copy the content between the dsig:X509Certificate tags into a text file. This content is the Identity Provider Signing Certificate.

    Image img1.png displays the metadata content with md:IDPSSODescriptor and dsig:X509Certificate tags highlighted.

    Note: Use this certificate content later during SignalFx configuration in the "Configuring SSO for SignalFx" section.

Configuring SSO for SignalFx

  1. Access SignalFx as an administrator using the URL: https://app.signalfx.com/#/signin. The SignalFx home page appears.

  2. In the header menu, click INTEGRATIONS, locate Login Services section, and then click SSO. The SAML dialog box appears.

  3. Click NEW INTEGRATION, and then make note of the value specified in the Integration ID field.

    Note: Use this Integration ID value while registering and activating the SignalFx app in Oracle Identity Cloud Service. See the "Registering and Activating the SignalFx App" section.

  4. Use the following table to update the federated authentication attributes, and then click SAVE. A confirmation message is displayed stating that the integration is validated.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.
    Attribute Value
    Name Enter the name of the identity provider.
    Public Key Paste the Identity Provider Signing Certificate content that you obtained earlier by performing the steps in the "Obtaining the Identity Provider Signing Certificate" section.
    Issuer URL Enter the Entity ID/Issuer URL. Access the identity provider metadata file and obtain the Entity ID/Issuer URL. The Entity ID/Issuer URL information is located in the first line of the metadata. See the "What Do You Need?" section to obtain the metadata.
    Metadata Paste the contents of the Identity provider metadata file that you obtained earlier in the "What Do You Need?" section.

    Note: Users who are assigned to the SignalFx app in Oracle Identity Cloud Service with similar domain name as the administrator can access SignalFx, even if the user does not have a SignalFx account.

Configuring the SignalFx App in Oracle Identity Cloud Service

Use this section to register and activate the SignalFx app, and then assign users to the app.

Registering and Activating the SignalFx App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for SignalFx, and then click Add.

  4. In the App Details section, enter your SignalFx Integration ID, and then click Next.

    Note: This is the Integration ID value that you obtained while performing the steps in the "Prerequisite Step" section.

  5. Click Download Signing Certificate.

    Tip: Use this file later during the SignalFx configuration in the "Configuring SSO for SignalFx" section.

  6. Click Download Identity Provider Metadata. To learn about other methods you can use to access SAML metadata, see Access SAML Metadata.

    Tip: Use this file later during the SignalFx configuration in the "Configuring SSO for SignalFx" section.

  7. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  8. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the SignalFx App

  1. On the SignalFx app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to SignalFx, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the SignalFx app is assigned to the users that you selected.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Service My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the SignalFx app. Oracle Identity Cloud Service displays a shortcut to SignalFx under My Apps.

  3. Click SignalFx. The SignalFx home page appears.

  4. In the upper-right corner of the header, click the user icon, and then confirm that the user that is logged in is the same for both SignalFx and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

SignalFx displays the message, "<your company> is not allowed".

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in SignalFx.

Solution: Ensure that the user that you assign to the SignalFx app has an account in both Oracle Identity Cloud Service and SignalFx with the same email address, and domain name as the administrator.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service SignalFx app and SignalFx is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select SignalFx.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the SignalFx app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select SignalFx.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.