Microsoft Active Directory Federation Services SAML IdP

Microsoft Active Directory Federation Services SAML IdP

The Datadog SAML integration for SSO provides a pathway for linking an organization to an external user management system so that credentials can be kept and managed in a central system. This doc is meant to be used as an add-on to the main Single Sign On With SAML documentation, which gives an overview of single sign-on from the Datadog perspective.

To begin configuration of SAML for Active Directory Federation Service (AD FS), see Microsoft’s Configure a SAML 2.0 provider for portals with AD FS docs.

Once SAML is configured, users can login by using the link provided in the SAML configuration page. Keep in mind that users still need to be invited and activated before they’re able to login. Be sure to invite new users by using the email address corresponding to their Active Directory user records; otherwise they may be denied as shown below.

In most setups, a user’s user@domain is their Microsoft login, but this is not enforced. You can confirm the email address used within the user record as shown below.

For questions regarding Datadog in-app errors pertaining to SAML, contact the Datadog support team. For errors pertaining to AD FS SAML setup and errors, contact Microsoft support.