Okta SAML IdP

Okta SAML IdP

It’s recommended that you set up Datadog as an Okta application manually, as opposed to using a ‘pre-configured’ configuration.

General details

Okta IDP Input FieldExpected Value
Single Sign On URLAssertion Consumer Service URL (Find this URL on the Configure SAML page, in the Assertion Consumer Service URL field.)
Recipient URLAssertion Consumer Service URL (or click the Use this for Recipient URL and Destination URL checkbox)
Destination URLAssertion Consumer Service URL (or click the Use this for Recipient URL and Destination URL checkbox)
Audience URI (SP Entity ID)Service Provider Entity ID (Find this URL on the Configure SAML page, in the Service Provider Entity ID field.)
Name ID FormatEmailAddress
ResponseSigned
Assertion SignatureSigned
Signature AlgorithmSHA256
Assertion EncryptionAssertions can be encrypted, but unencrypted assertions are also accepted.
SAML Single LogoutDisabled
authnContextClassRefPasswordProtectedTransport
Honor Force AuthenticationYes
SAML Issuer IDhttp://www.okta.com/${org.externalKey}

Attribute statements details

NameName Format (optional)Value
NameFormatURI Referenceurn:oasis:names:tc:SAML:2.0:attrname-format:uri
snURI Referenceuser.lastName
givenNameURI Referenceuser.firstName

Group attribute statements (optional)

This is required only if you are using AuthN Mapping.

NameName Format (optional)Value
memberOfUnspecifiedMatches regex .* (This method retrieves all groups. Contact your IDP administrator if this does not fit your use case.)

Additional information on configuring SAML for your Datadog account is available on the SAML documentation page.

In the event that you need to upload an IDP.XML file to Datadog before being able to fully configure the application in Okta, see acquiring the idp.xml metadata file for a SAML template App article for field placeholder instructions.

Further Reading