Make sure you are administering the correct tenant for integration with LogRhythm Web Console.
In the left-side navigation bar, click Enterprise applications. The applications window appears.
At the top of the applications window, click New application, then click the Non-gallery application tile.
Enter your App Name (for example, LogRhythm Web Console - LRXM01 or LogRhythm WC - Boulder).
Click Add.
In the left-side navigation bar in the Manage section, click Single sign-on, then click the SAML tile. The Set up Single Sign-On with SAML page appears.
In the Basic SAML Configuration section, click the Edit
icon. The Basic SAML Configuration page appears. Enter the following parameters:
If your Web Console uses a port other than the default of 8443, enter your customized port number instead of 8443. For more information, see LogRhythm Web UI.
Yes
Sign On URL
Leave blank.
No
Relay State
Leave blank.
No
Logout URL
Leave blank.
No
Click Save, then click Close.
When prompted to test single sign-on, click No, I'll do it later.
In the User Attributes & Claims section, click the Edit
icon. The User Attributes & Claims page appears.
Click Save.
Click Add new claim. Enter the following parameters:
Name
Namespace
Source
Source Attribute
firstName
Leave blank
Attribute
user.givenname
Click Save.
Click Add new claim. Enter the following parameters:
Name
Namespace
Source
Source Attribute
lastName
Leave blank
Attribute
user.surname
Click Save, then click Close.
In the left-side navigation bar in the Manage section, click Users and groups. The Users and Groups page appears.
Click Add user. The Add Assignment page appears.
Click Users and groups.
Select the users you want to have access to the LogRhythm Web Console.
When you click on a user, the name appears under Selected members.
When you are finished selecting users, click Select at the bottom of the page.
At the bottom of the Add Assignment page, click Assign.
You are done creating the SAML app in Azure AD.
Gather IdP SSO Configuration Data
Log in to the Azure AD Admin Portal.
In the left-side navigation bar, click Enterprise applications. The applications window appears.
Click the SAML app you created for LogRhythm SSO.
In the left-side navigation bar in the Manage section, click Single sign-on.
From this summary page, locate the values for the Certificate (Base64) and Login URL fields. Copy and paste the values to a temporary location:
Certificate (Base64): Download and open the certificate with a text editor, then copy the text.
Login URL
Enable Single-Sign On in the LogRhythm Web Console (Admins Only)
Log in to the Web Console with an administrator account or with an account that has SSO Management permissions.
In the upper-right corner, click the Administration drop-down icon, then click Single Sign-On. The Single Sign-On Configuration menu appears.
Click the Single Sign-On Enabled button. The menu expands to reveal configuration fields.
Enter the following parameters:
If you want to choose a User Profile that is specific to newly-created SSO users, consider creating the desired User Profile in the SIEM before this step.
The User Profile to be assigned via User Auto-Provisioning to new SSO users.
If you do not see all of the expected User Profiles in the drop down menu, contact your SIEM administrator to make sure they have enabled your Manage User Profiles and Single Sign-On Management (Web Console) permissions.
Click Save.
While saving, your Web Console will temporarily disconnect and you will see either Reconnecting or Disconnected status in the upper-right corner.
Refresh your browser if prompted to do so.
After your Web Console refreshes and the status shows Connected, your SSO for the Web Console is enabled.
In the upper-right corner, click the User drop-down icon, and then click Logout.
JavaScript errors detected
Please note, these errors can depend on your browser setup.
If this problem persists, please contact our support.