Azure Active Directory SAML IdP

Azure Active Directory SAML IdP

Follow these steps to configure Azure AD as a SAML identity provider (IdP) within Datadog. Note: An Azure AD subscription is required. If you don’t have a subscription, sign up for a free account.

Configuration

Azure

  1. Open the Azure portal and sign in as a global administrator or co-admin.

  2. Navigate to Azure Active Directory -> Enterprise applications -> New application.

  3. Scroll down to the Add from the gallery section, type Datadog in the search box.

  4. Select Datadog from the results panel.

  5. Enter the name of your application in the Name textbox and click Add.

  6. Once your application is added, go to Single sign-on from the application’s left-side navigation menu.

  7. On the Select a single sign-on method page, click on SAML.

  8. Retrieve your Service Provider Entity ID and Assertion Consumer Service URL from the Datadog SAML page. The default values are:

    Service Provider Entity IDhttps:///account/saml/metadata.xml
    Assertion Consumer Service URLhttps:///account/saml/assertion

  9. In Azure, add the values retrieved above and click save:

    Service Provider Entity ID to Identifier
    Assertion Consumer Service URL to Reply URL

  10. Set the User Identifier to user.mail and click save.

  11. Go to SAML Signing Certificate section and check that your Notification Email is correct. When the active signing certificate approaches its expiration date, notifications are sent to this email address with instructions on how to update the certificate.

  12. In the same SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it.

Datadog

  1. Go to the Datadog SAML page.

  2. Choose and upload the SAML XML Metadata file downloaded from Azure.

  3. You should see the messages SAML is ready and Valid IdP metadata installed:

    SAML_Configuration___Datadog11

  4. Click Enable to start using Azure AD single sign-on with SAML:

    SAML_Configuration___Datadog12

Advanced URL

If you are using SSO with a Datadog button or link, a sign-on URL is required:

  1. Retrieve your Single Sign-on URL from the Datadog SAML page:

    SAML_Configuration___Datadog13

  2. In Azure, navigate to the SSO Configuration section of your Azure Application, check Show advanced URL settings, and add your single sign-on URL.

Further Reading

Additional helpful documentation, links, and articles:

Configure SAML for your Datadog accountDOCUMENTATION more more Configuring Teams & Organizations with Multiple AccountsDOCUMENTATION more more