Related documentation

• Checkmk official documentation

• How-to work with Okta SAML KB

• How-to work with Cyberark Workforce SAML KB

• Troubleshooting Azure SAML authentication failure KB

Overview

SAML authentication is currently not supported in Checkmk distributed monitoring setups. If you run a central Checkmk site with one or more remote sites, SAML cannot be used to authenticate users across the distributed environment.

This article explains why this limitation exists and what alternatives are available.

Problem

Some environments cannot allow LDAP access from the Checkmk server to the customer’s directory service due to security policies.

In these cases, administrators may want to use SAML authentication instead. However, when using distributed monitoring with a central site and remote sites, SAML authentication cannot currently be used for remote site logins.

Reason

This behavior is intentional and related to how distributed monitoring works in Checkmk.

In a distributed setup:

1. The central site manages the configuration.

2. Configuration changes are pushed from the central site to remote sites.

3. This configuration synchronization works only in one direction.

SAML authentication requires interactive communication with an Identity Provider during login.

Because remote sites do not maintain this type of authentication synchronization with the central site, SAML authentication cannot currently be supported in distributed monitoring environments.

Future plans

Supporting SAML authentication in distributed monitoring would require changes to how authentication and site communication work.

Because of this, the feature cannot be implemented in the short term.

However:

• The functionality is being considered.

• It is currently planned for Checkmk 3.0, the next major release after Checkmk 2.5.

Please note that roadmap items can change.

Feature request

If SAML support in distributed monitoring is important for your environment, we recommend supporting the existing Feature Request in the Checkmk Ideas Portal.

Customer feedback helps prioritize future development.

Related articles