---
isPrivate: true
title: Legacy Okta SAML IdP configuration
description: Datadog, the leading service for cloud-scale monitoring.
---

# Legacy Okta SAML IdP configuration

## Setup{% #setup %}

Follow Okta's [Create custom SAML app integrations](https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm?cshid=ext_Apps_App_Integration_Wizard-saml) instructions to configure Okta as a SAML IdP.

**Note**: Set up Datadog as an Okta application manually. Do not use the preconfigured Datadog application.

## General details{% #general-details %}

| Okta IdP Input Field        | Expected Value                                                                                                                                                         |
| --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Single Sign On URL          | Assertion Consumer Service URL (Find this URL on the [Configure SAML page](https://app.datadoghq.com/saml/saml_setup), in the *Assertion Consumer Service URL* field.) |
| Recipient URL               | Assertion Consumer Service URL (or click the *Use this for Recipient URL and Destination URL* checkbox)                                                                |
| Destination URL             | Assertion Consumer Service URL (or click the *Use this for Recipient URL and Destination URL* checkbox)                                                                |
| Audience URI (SP Entity ID) | Service Provider Entity ID (Find this ID on the [Configure SAML page](https://app.datadoghq.com/saml/saml_setup), in the *Service Provider Entity ID* field.)          |
| Name ID Format              | EmailAddress                                                                                                                                                           |
| Response                    | Signed                                                                                                                                                                 |
| Assertion Signature         | Signed                                                                                                                                                                 |
| Signature Algorithm         | SHA256                                                                                                                                                                 |
| Assertion Encryption        | Assertions can be encrypted, but unencrypted assertions are also accepted.                                                                                             |
| SAML Single Logout          | Disabled                                                                                                                                                               |
| authnContextClassRef        | PasswordProtectedTransport                                                                                                                                             |
| Honor Force Authentication  | Yes                                                                                                                                                                    |
| SAML Issuer ID              | `http://www.okta.com/${org.externalKey}`                                                                                                                               |

## Attribute statements details{% #attribute-statements-details %}

| Name       | Name Format (optional) | Value                                             |
| ---------- | ---------------------- | ------------------------------------------------- |
| NameFormat | URI Reference          | `urn:oasis:names:tc:SAML:2.0:attrname-format:uri` |
| sn         | URI Reference          | `user.lastName`                                   |
| givenName  | URI Reference          | `user.firstName`                                  |
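
A check of a decoded SAML response against the values in the two tables above, as an added example that is not part of Datadog's or Okta's documentation. The URN constants are the assumed full forms of the tables' short values, the sample response and the `sp.example.test` URLs are constructed, and the assertion is assumed to be unencrypted; signatures are located, not cryptographically verified.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumed mapping of the tables' short values to SAML 2.0 / XML-DSig URIs.
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
SM = "ds:Signature/ds:SignedInfo/ds:SignatureMethod"
SIG = '<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo></ds:Signature>'
# Constructed, trimmed response (no Issuer, Status or real signature values).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 xmlns:ds="{NS['ds']}" Destination="{{acs}}">{SIG}<saml:Assertion>{SIG}
 <saml:Subject><saml:NameID Format="{EMAIL}">user@example.com</saml:NameID>
 <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{{acs}}"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{{aud}}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>{PPT}
 </saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>
 <saml:AttributeStatement><saml:Attribute Name="sn" NameFormat="{URI}"/>
 <saml:Attribute Name="givenName" NameFormat="{URI}"/></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""

def lint_response(xml_text, acs_url, sp_entity_id):
    """List mismatches with the tables above. Structural only: no signature verification."""
    root = ET.fromstring(xml_text)

    def first(path, attr=None):
        node = root.find(path, NS)
        if node is None:
            return None  # a missing element (e.g. no signature) is reported as a mismatch
        return node.get(attr) if attr else (node.text or "").strip()

    checks = [
        ("Destination", root.get("Destination"), acs_url),
        ("Recipient", first(".//saml:SubjectConfirmationData", "Recipient"), acs_url),
        ("Audience", first(".//saml:Audience"), sp_entity_id),
        ("NameID Format", first(".//saml:NameID", "Format"), EMAIL),
        ("authnContextClassRef", first(".//saml:AuthnContextClassRef"), PPT),
        ("Response signature", first(SM, "Algorithm"), RSA_SHA256),
        ("Assertion signature", first("saml:Assertion/" + SM, "Algorithm"), RSA_SHA256),
    ]
    fmts = {a.get("Name"): a.get("NameFormat") for a in root.iterfind(".//saml:Attribute", NS)}
    checks += [(f"Attribute {n}", fmts.get(n), URI) for n in ("sn", "givenName")]
    return [f"{label}: expected {want!r}, got {got!r}" for label, got, want in checks if got != want]
```

Pass the Assertion Consumer Service URL and Service Provider Entity ID from the Configure SAML page as `acs_url` and `sp_entity_id`; an empty list means the response matches the tables.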

## Group attribute statements (optional){% #group-attribute-statements-optional %}

This is required only if you are using [AuthN Mapping](https://docs.datadoghq.com/account_management/saml/mapping.md).

| Name     | Name Format (optional) | Value                                                                                                                     |
| -------- | ---------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| memberOf | Unspecified            | Matches regex `.*` (This method retrieves all groups. Contact your IdP administrator if this does not fit your use case.) |

Additional information on configuring SAML for your Datadog account is available on the [SAML documentation page](https://docs.datadoghq.com/account_management/saml.md).

If you need to upload an `IDP.XML` file to Datadog before you can fully configure the application in Okta, see Okta's article on [acquiring the idp.xml metadata file for a SAML template app](https://support.okta.com/help/s/article/How-do-we-download-the-IDP-XML-metadata-file-from-a-SAML-Template-App) for field placeholder instructions.

## Further Reading{% #further-reading %}

- [Configure SAML for your Datadog account](https://docs.datadoghq.com/account_management/saml.md)
- [Configuring Teams & Organizations with Multiple Accounts](https://docs.datadoghq.com/account_management/multi_organization.md)
