It’s recommended that you set up Datadog as an Okta application manually, as opposed to using a ‘pre-configured’ configuration.
Single Sign On URL: https://app.datadoghq.com/account/saml/assertion
(NOTE: If using IdP initiated login, use a public ID-specific URL which is generated after enabling IdP initiated login in Datadog. Find this URL at the ‘Configure SAML’ page, in the ‘Assertion Consumer Service URL’ field. Example URL:
https://app.datadoghq.com/account/saml/assertion/id/ This also applies to the Recipient URL and the Destination URL fields respectively.)
Recipient URL: https://app.datadoghq.com/account/saml/assertion (or check the box labeled “Use this for Recipient URL and Destination URL” in Okta)
Destination URL: https://app.datadoghq.com/account/saml/assertion (or check the box labeled “Use this for Recipient URL and Destination URL” in Okta)
Audience URI (SP Entity ID): https://app.datadoghq.com/account/saml/metadata.xml
Default Relay State:
Name ID Format: EmailAddress
Assertion Signature: Signed
Signature Algorithm: RSA_SHA256
Digest Algorithm: SHA256
Assertion Encryption: Assertions can be encrypted, but unencrypted assertions are also accepted.
SAML Single Logout: Disabled
Honor Force Authentication: Yes
SAML Issuer ID:
Additional information on configuring SAML for your Datadog account is available on the SAML documentation page. If you are using the custom sub-domain feature, your specific details are also available there.
In the event that you need to upload an
IDP.XML file to Datadog before being able to fully configure the application in Okta, see acquiring the idp.xml metadata file for a SAML template App article for field placeholder instructions.
Additional helpful documentation, links, and articles: