Follow

Info: SSO Troubleshooting with Datadog

Applies To:

TLS Protect Cloud

 

Summary:

Datadog can assist you with what is going on in the backend for certain SSO issues. This should show logs and errors that could be occurring preventing users from logging into TLSPC via SSO

 

More Information:

To view potential SSO issues in Datadog, we will need to query the logs to find relevant data. Here is a breakdown of a scenario:

If a user is reporting that when they attempt to login to TLS Protect Cloud via SSO, they are presented with a generic error stating that they cannot login. We can check Datadog.

  1. Login to Datadog via internal Okta tile (If you do not have access to Datadog, please reach out to Zach Zendejas or Marc Sattler)
    NOTE: You will need to login to either Datadog US for US tenants or Datadog EU for EU tenants.
  2. Click "Logs" Screenshot 2023-11-07 at 2.42.58 PM.png

  3. Specify the timeframe of when the error occurred in the upper right of the screen. The default here is 15 minutes.
    NOTE: Datadog logs are archived after 15 days. There are ways to search through these archives but support does not have permission to do it without engineering assistance. Contact Marc Sattler or Zach Zendejas if you need to search archived logs.
  4. In the search field, enter the following query: 
    index:main status:(warn OR info OR error) service:gateway-service "Authentication failed"
    Here is a breakdown of the query:
    index:main: This queries the main log channel

    status:(warn OR info OR error): this queries for entries with the status of warn, info, or error

    service:gateway-service: this queries for log entries from the gateway-service which is where SSO errors are populated from

    "Authentication Failed": If a user is having issues logging in, they will likely have an Authentication Failed error along with additional details.

Using this type of query should be able to identify why a user was unable to login or what issues could be occurring.

For additional information on SSO troubleshooting or automatic team assignment visit the following Confluence page: https://venafi.atlassian.net/wiki/spaces/CT/pages/1972863041/TVP+-+responding+to+support+queries

Was this article helpful?
0 out of 0 found this helpful

Comments