Below is a step-by-step guide to configuring Azure AD as a SAML IdP within Datadog:
Note: An Azure AD Premium Subscription is required to set this up.
When logged into Azure, go to the Azure Active Directory tab on the left-hand menu.
Select the Enterprise applications service.
Click on the New application button.
Select the Non-gallery application.
Name it (e.g., DatadogSSO_test).
Click on Add.
Once your application is successfully added, go to Configure single sign-on (required).
Select the SAML-based Sign-on as Single Sign-on Mode.
Navigate to the Datadog SAML page and find the Service Provider Entity ID and Assertion Consumer Service URL on the right-hand side of the page. In the Azure portal, paste those values into the Identifier and Reply URL text fields respectively.
Set user.mail as the value for User Identifier.
Enter your Notification Email at the bottom of the page. When the active signing certificate approaches its expiration date, notifications are sent to this email address with instructions on how to update the certificate.
At the bottom of the page, click Step 5, Configure DatadogSSO_test.
Scroll down to Step 3 of the Configure DatadogSSO_test for single sign on section, and download the SAML XML Metadata file.
Go to the top of your SSO Configuration section and click Save.
Navigate back to the Datadog SAML page and upload the SAML XML Metadata file downloaded in Step 14.
Make sure to press the Upload File button after having chosen the XML file to upload.
And that’s it! It should now say SAML is ready and that valid IdP metadata is installed.
Begin to log in to Datadog via Azure AD by pressing Enable.
If you are using SSO via a Datadog button or link, you need to add a Sign-on URL. To do this, navigate back to the SSO Configuration section of the Azure Application (Step 8) and check off Show advanced URL settings.
Then paste the Single Sign-on URL that is displayed in the Datadog SAML page.