One of the preferred methods for handling authentication is using Security Assertion Markup Language, the SAML 2.0 protocol. To do this with Humio, you’ll first have to set up an authentication provider. However, user authentication for an organization is only available for enterprise customers. To upgrade, contact the Humio Sales Dept..
Assuming your organization is already an enterprise customer of Humio, you may use one of the following identity providers:
For more information on any of these providers or all of them, see the Authenticating with SAML documentation page.
You have to be an Organization Owner to set up authentication. If you’re not, ask who ever is to promote you. As a pre-requisite, you’ll have to have an authentication provider set up already — these are listed above, with links for information on them.
Once you’re ready, from any screen of the Humio User Interface, click on the menu below your avatar in the top right corner to open the Account Menu menu (see Figure 1 here). Select the Organization Settings — it’s highlighted in the screenshot. Then click on the tab on the left labeled, Identity Providers. When you do so, you’ll see a screen similar to the one shown in Figure 2 below. At this point you’re ready to choose and configure a specific identity provider. Below is an explanation for using SAML, but the steps in Humio Cloud are fairly similar regardless of which provider you use.
To configure your organization to use SAML 2.0 for authentication, from the Identity Providers tab, click on Add IDP Configuration pull-down menu and select SAML 2.0. You can see how this will look in the screenshot in Figure 2 here (click on the image to enlarge it). If you still only have a free or trial account, you won’t be able to add an identity provider or see this pull-down menu.
Once you choose SAML as your identity provider, the screen will change. It’ll look like the one in Figure 3 here. You’ll need to add a domain. This will be the one that your users will be able to use to log into Humio. So click the purple button labeled, Add a Domain to do this. A small dialog box will appear for you to enter the domain. Enter the domain name, just the domain name without any leading or trailing text or slashes. For example, you’d enter
example.com and not
https://example.com/login. You’ll enter more details in a bit. When you’re finished, hit Confirm to save it.
Now you’ll need to provide details related to the identity provider and your domain. You should see a form similar to the one in the screenshot shown in Figure 4 here. Fill in the form with the required values. If you Humio to synchronize groups from the single sign on provider, enable Let identity provider handle group membership in Humio, and give it a value that matches the value in the single sign on provider. When you’re finished, click Save
If the configuration was saved successfully, Integration URL will be displayed at the top of the page. You will need this to set the Default Relay State in the identity provider. Read the section Setting Relay State in the relevant documentation page — see links in bullet-list at the top of this document.