Configuring Okta as a SAML IdP
New announcements from Dash: Incident Management, Continuous Profiler, and more! New announcements from Dash!

Configuring Okta as a SAML IdP

It’s recommended that you set up Datadog as an Okta application manually, as opposed to using a ‘pre-configured’ configuration.

General Details

  • Single Sign On URL: (NOTE: If using IdP initiated login, use a public ID-specific URL which is generated after enabling IdP initiated login in Datadog. Find this URL at the ‘Configure SAML’ page, in the ‘Assertion Consumer Service URL’ field. Example URL: This also applies to the Recipient URL and the Destination URL fields respectively.)

  • Recipient URL: (or check the box labeled “Use this for Recipient URL and Destination URL” in Okta)

  • Destination URL: (or check the box labeled “Use this for Recipient URL and Destination URL” in Okta)

  • Audience URI (SP Entity ID):

  • Default Relay State:

  • Name ID Format: EmailAddress

  • Response: Signed

  • Assertion Signature: Signed

  • Signature Algorithm: RSA_SHA256

  • Digest Algorithm: SHA256

  • Assertion Encryption: Assertions can be encrypted, but unencrypted assertions are also accepted.

  • SAML Single Logout: Disabled

  • authnContextClassRef: PasswordProtectedTransport

  • Honor Force Authentication: Yes

  • SAML Issuer ID:

Attribute Statements Details

  • NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • sn: user.lastName
  • givenName: user.firstName

Additional Information on configuring SAML for your Datadog account can be found on the dedicated SAML documentation page:

In the event that you need to upload an IDP.XML file to Datadog before being able to fully configure the application in Okta, see acquiring the idp.xml metadata file for a SAML template App article for field placeholder instructions.

Further Reading