Authentication and Authorization (SaaS)

Sysdig supports authenticating users using Security Assertion Markup Language (SAML), Google OAuth, and OpenID Connect protocols and certifies different Identity Providers (IdPs) that use these protocols, including but not limited to, Okta, OneLogin, and Entra ID.

You can use Sysdig Monitor and Sysdig Secure with the following user authentication and authorization methods:

TypeEnabled by DefaultIntegration Requirements
User CredentialsYesNo
Google OAuthNoYes
SAMLNoYes
OpenID ConnectNoYes

Prerequisites and Guidelines

Sysdig

  • See SaaS Regions and IP Ranges before proceeding to configure authentication.
  • Sysdig has assigned a Customer Name, Customer ID, and External ID for your account. You can view it on the Settings > Authentication (SSO) page.

Identity Provider (IdP)

  • Configure authentication separately for each Sysdig product: Sysdig Monitor and Sysdig Secure.
  • Configure your Identify Provider (IdP) for the Sysdig application.
  • Users must be assigned to the application in the IdP to be able to access Sysdig.

Configure Single Sign-On

  1. Determine the Single Sign-On (SSO) and the IdP that your enterprise uses.
  2. Log in to the Sysdig application as an administrator.
  3. Open Settings > Authentication (SSO).
  4. On the Authentication screen, select New Configuration or choose to edit an existing one
  5. When creating a new integration, select the type: OpenID or SAML
  6. Enter the required connection settings for the chosen SSO. If you are configuring only one integration the Integration Name can be omitted.
  7. Configure any associated IdP settings on the IdP side.
  8. If enabling both Sysdig Monitor and Sysdig Secure, repeat the process on the second application.

Main Authentication Settings

The main Authentication parameters are the same for all of the authentication protocols.

OptionDescription
Customer IDUnique customer identifier.
Customer NameUnique customer name.
External IDUnique customer External ID used in some SSO integrations.

Manage SSO Configurations

Sysdig allows you to manage up to 10 SSO integrations in addition to the Google OAuth. You can create new integrations by selecting option New Configuration and then selecting the type SAML or OpenID.

You can edit an existing SSO integration either by selecting the row or by selecting the pencil icon on the right side.

Deleting the configuration is possible by selecting the three dot menu on the right side and then option Delete Configuration. You can only delete inactive SSO configurations.

An integration is active when the slider on the left side is in the right position. Make sure at least one integration is enabled to be able to use it for logging users in.

Note the Integration Name is not required if only one integration is set, but if multiple integrations are defined the integration name must be appended to the Metadata URL, Relay State, and Bookmark URL (if used)

Disable Password Authentication

For On-Prem environments, see Disable Password Authentication.

To disable password authentication through the UI:

  1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings from the user menu at the bottom left of the screen.
  2. Click Authentication(SSO).
  3. Scroll down and locate the Username and Password Login settings.
  4. Use the Username and Password Login slider to turn off password authentication.
  5. Click Save.

For IdP Break-Glass scenario when Password Authentication is disabled, see Break-Glass scenario.

Configure Customized Session Expiration

To do so:

  1. Log in to Sysdig Monitor or Sysdig Secure as administrator and selectΒ Settings.
  2. SelectΒ Authentication(SSO).
  3. Scroll down and locate the Session Expiration settings.
  4. Specify the Session Expiration setting:
    1. Enable session expiration by using the Inactive Session Expiration slider.
    2. Specify the time-out period in minutes.
    3. Click Save.

Multi-Factor Authentication

Limitations

  • MFA only applies to local (username and password) user accounts.

    • If you need to use MFA when using an Identity Provider (IdP), look into your Single Sign-On (SSO) configuration. See Enable Single Sign-On.
  • Administrators cannot enable MFA on user accounts. However, they can disable it.

Enable MFA

You can enable MFA for your account from the User Profile page. Once enabled, you will be prompted to use MFA when you login.

To enable Multi-Factor Authentication:

  1. Log in to Sysdig Secure or Sysdig Monitor.
  2. Navigate to Settings > User Profile.
  3. In the Multi-Factor Authentication section, toggle Authenticator App MFA on. A modal appears. The modal has a QR code and a key.
  4. In your authenticator app, add a new account. Consult the documentation of your chosen app for precise instructions.
  5. Scan the QR code with your authenticator app. Alternatively, enter the key below the QR code manually. A verification code appears in your authenticator app.
  6. Enter the code into the text box in the modal, and click Confirm.

Multi-factor authentication is now enabled.

Log in with MFA

Once you have enabled MFA on an account, you can log in with MFA:

  1. Go to the Sysdig Secure or Sysdig Monitor login page.
  2. Enter your username and password.
  3. Select Log in.
  4. Open your authenticator app. A code will appears.
  5. Enter the code generated in your authenticator app.
  6. Select Verify.

If the code is correct, your login will be successful.

Disable MFA on your Account

To disable MFA on your own account:

  1. Log in to Secure or Monitor. If you cannot log in, contact your administrator.
  2. Navigate to Settings > User Profile.
  3. In the Multi-Factor Authentication section, toggle Authenticator App MFA off.
  4. Select Confirm.

Multi-factor authentication is now disabled. When you attempt a login, you will no longer need to user your authenticator app.

(Admin) Disable MFA for a User

Administrators can disable MFA for other users. This is useful, for example, if a user loses access to the authenticator app. To disable MFA on a user’s account as an Admin:

  1. Log in to Sysdig Secure or Sysdig Monitor as an Admin.
  2. Navigate to Settings > Users.
  3. Select a user from the list. The Edit User page appears.
  4. Toggle off Authenticator App MFA.

MFA is now disabled for that user. Remember that Admins cannot toggle MFA on.

Learn More