Setup
Follow Okta’s Create SAML app integrations docs to configure Okta as a SAML IdP.
Note: It’s recommended that you set up Datadog as an Okta application manually, as opposed to using a pre-configured
configuration.
Note: US1 customers can use the preset configuration in Okta’s How to Configure SAML 2.0 for Datadog docs to configure Okta as a SAML IdP.
General details
Okta IDP Input Field | Expected Value |
---|
Single Sign On URL | Assertion Consumer Service URL (Find this URL on the Configure SAML page, in the Assertion Consumer Service URL field.) |
Recipient URL | Assertion Consumer Service URL (or click the Use this for Recipient URL and Destination URL checkbox) |
Destination URL | Assertion Consumer Service URL (or click the Use this for Recipient URL and Destination URL checkbox) |
Audience URI (SP Entity ID) | Service Provider Entity ID (Find this URL on the Configure SAML page, in the Service Provider Entity ID field.) |
Name ID Format | EmailAddress |
Response | Signed |
Assertion Signature | Signed |
Signature Algorithm | SHA256 |
Assertion Encryption | Assertions can be encrypted, but unencrypted assertions are also accepted. |
SAML Single Logout | Disabled |
authnContextClassRef | PasswordProtectedTransport |
Honor Force Authentication | Yes |
SAML Issuer ID | http://www.okta.com/${org.externalKey} |
Attribute statements details
Name | Name Format (optional) | Value |
---|
NameFormat | URI Reference | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
sn | URI Reference | user.lastName |
givenName | URI Reference | user.firstName |
Group attribute statements (optional)
This is required only if you are using AuthN Mapping.
Name | Name Format (optional) | Value |
---|
memberOf | Unspecified | Matches regex .* (This method retrieves all groups. Contact your IDP administrator if this does not fit your use case.) |
Additional information on configuring SAML for your Datadog account is available on the SAML documentation page.
In the event that you need to upload an IDP.XML
file to Datadog before being able to fully configure the application in Okta, see acquiring the idp.xml metadata file for a SAML template App article for field placeholder instructions.
Further Reading
Additional helpful documentation, links, and articles: