Azure Active Directory

Azure AD is Microsoft's enterprise cloud-based identity and access management (IAM) solution. It can be used to access your Humio repositories.

Azure Active Directory

Figure 204. Azure Active Directory


To integrate Azure AD with Humio, you'll need to create an app in Azure Active Directory.

  1. First sign in to the Azure portal. Then open Enterprise Applications and click New application.

  2. Click Create your own application. The result will be a pop-up box link the one here:

    Azure Active Directory

    Azure Active Directory

    Figure 205. Azure Active Directory


  3. Enter a name for the app, such as Humio. Choose Integrate any other application you don't find in the gallery and click Create.

  4. Now you'll see a screen about creating the app. There will some large icon boxes, one of which reads, Set up single sign on. Click and then the choices of icon boxes will change. Click the one that's labeled, SAML.

  5. Click Edit in the Basic SAML Configuration tab and fill in theses fields:

  6. Set Identifier (Entity ID) to $YOUR_HUMIO_URL/api/v1/saml/metadata

  7. Set Reply URL to $YOUR_HUMIO_URL/api/v1/saml/acs

  8. Leave Sign on URL and Relay State blank.

  9. When you're done, click Save.

  10. Click Edit under User Attributes & Claims. Then click on the first Required claim. Ensure that name identifier format is set to Email address.

  11. To set up group synchronization, create a group claim by clicking Edit under User Attributes & Claims tab. Optionally, assign users by selecting Users and Groups. There you'll assign users or groups to your application.

Relay State

Figure 206. Relay State


You finished configuring Azure AD to work with Humio. Now, you need to configure Humio to work with Azure AD.

To do this, you will need some information from the Azure AD configuration, which you can find by clicking on the View step-by-step instructions under Set up Humio.

You may also want to set the relay state. To do this,:

  1. Go to Single Sign On tab in Azure AD.

  2. Click Edit under Basic SAML Configuration (see screenshot here).

  3. Paste the URL into the field under Relay State and Click Save when you're done.

Refer to the docs on Configure Humio for Self-Install and you can use the following examples to help you configure Humio on your own server:

Example Config

Figure 207. Example Config


The last two fields must be set as follows. For copy/paste purposes, those values are:

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  • http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

If the Let identity provider handle group memberships in Humio checkbox is selected, then users will also need to align their Azure AD groups' Object ID with the Mapping Name found under the External Provider tab for each group in Humio.

Note that the “Object ID” from Azure AD has been copied into the “Mapping Name” field in Humio.

Mapping Name

Figure 208. Mapping Name


To use SAML with Humio Cloud, go to the Identity Providers documentation page.

See the Azure Active Directory Documentation for more information on Azure AD.