Creating a SAML app in Yandex Identity Hub for integration with Sentry
Sentry is a real-time error monitoring and tracking platform for applications allowing developers to quickly detect, diagnose, and fix failures and performance issues.
To allow your organization's users to authenticate in Sentry via SAML SSO, create a SAML app in Identity Hub and configure it in Identity Hub and in Sentry.
SAML apps can be managed by users with the organization-manager.samlApplications.admin role or higher.
Note
For SAML integration, your Sentry instance must have a public domain and a valid SSL certificate in place.
For your organization's users to be able to access Sentry:
Create an app in Identity Hub
- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps.
- In the top-right corner, click Create application and in the window that opens:
-
Select the SAML (Security Assertion Markup Language) single sign-on method.
-
In the Name field, specify a name for your new app:
sentry-app. -
Optionally, in the Description field, enter a description for the new app.
-
Optionally, add labels:
- Click Add label.
- Enter a label in
key: valueformat. - Press Enter.
-
Click Create application.
-
- Save the Metadata URL value, you will need it at the next step.
Set up the integration
Set up the SAML application in Yandex Identity Hub
Find the organization slug
To set up endpoints, you need the organization slug, which is set to sentry by default. To find the slug of your organization:
- Log in to Sentry.
- In the left-hand menu, click Settings.
- On the Organization tab, select General Settings.
- Copy the Organization Slug field value.
Set up service provider endpoints
- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps and then, the SAML app.
- At the top right, click Edit and in the window that opens:
- In the **SP EntityID ** field, paste the
<sentry_instance_address>/saml/metadata/<organization_slug>/value. - In the ACS URL field, paste the
<sentry_instance_address>/saml/acs/<organization_slug>/value. - Optionally, in the SP Logout URL field, paste the
<sentry_instance_address>/saml/sls/<organization_slug>/value. - Click Save.
- In the **SP EntityID ** field, paste the
Configure authentication on the Sentry side
- Log in to Sentry as a user with the organization owner permissions.
- In the left-hand menu, click Settings.
- On the Organization tab, select Auth.
- From the list of providers, select SAML2.
- Click Configure.
- In the Metadata URL field, enter the metadata file address you copied earlier.
- Click Get metadata.
- Under Map Identity Provider Attributes, fill out the following fields:
- In the IdP User ID field, enter
fullname. - In the User Email field, enter
emailaddress. - Optionally, in the First Name field, enter
givenname. - Optionally, in the Last Name field, enter
surname.
- In the IdP User ID field, enter
- Click Save Settings.
Add a user
For your organization's users to be able to authenticate in Sentry with Identity Hub's SAML app, you need to explicitly add these users and/or user groups to the SAML application.
Note
Users and groups added to a SAML application can be managed by a user with the organization-manager.samlApplications.userAdmin role or higher.
-
Add users to the application:
Cloud Center UI- Log in to Yandex Identity Hub.
- In the left-hand panel, select Apps and select the required app.
- Navigate to the Users and groups tab.
- Click Add users.
- In the window that opens, select the required user or user group.
- Click Add.
Make sure your application works correctly
To make sure both your SAML app and Sentry integration work correctly, authenticate to Sentry as one of the users you added to the app. Proceed as follows:
- In your browser, navigate to your Sentry instance's address.
- On the authentication page, click Login with SAML2.
- On the Yandex Cloud authentication page, enter the user email address and password. The user or group they belong to must be added to the application. The user must also have their email address specified.
- Make sure you have successfully authenticated in Sentry.