Okta SAML Identity Provider Configuration

Docs > Account Management > Single Sign On With SAML > Okta SAML Identity Provider Configuration

Overview

This page tells you how to set up the Datadog application in Okta.

Before proceeding, make sure that you are using the latest version of the Datadog application:

In Okta, click Applications.
Open the Datadog application.
Select the General tab.
Look for a field labeled SSO Base URL.

Datadog application configuration in Okta, highlighting the SSO base URL

If you don’t see the SSO Base URL field, configure Okta using the legacy instructions.

Supported features

The Datadog Okta SAML integration supports the following:

IdP-initiated SSO
SP-initiated SSO
JIT provisioning

For definitions of the terms above, see the Okta glossary.

Setup

Set up Okta as the SAML identity provider (IdP) for Datadog with the following instructions. The setup process requires you to alternate between your Okta and Datadog accounts.

Add the Datadog integration in Okta

Log in to your Okta admin dashboard.
In the left navigation, click Applications.
Click Browse App Catalog.
Use the search bar to search for “Datadog”.
Select the Datadog app for SAML and SCIM.
Click Add Integration. The General Settings dialog appears.
Populate the SSO Base URL field with your Datadog website URL.
Click Done.

Note: The SSO Base URL field accepts custom subdomains if you are not using a standard Datadog website URL.

Next, download the metadata details to upload to Datadog:

While in the settings dialog for the Datadog application in Okta, click the Sign on tab.
Scroll down until you see the Metadata URL.
Click Copy.
Open a new browser tab and paste the metadata URL into the address bar.
Use your browser to save the content of the metadata URL as an XML file.

Configure Datadog

Upload metadata details

Navigate to Login Methods under Organization Settings.
In the SAML component, click Configure or Update, depending on whether you have previously configured SAML. The SAML configuration page appears.
Click Choose File, and select the metadata file you previously downloaded from Okta.

SAML configuration in Datadog, highlighting metadata upload button

For the Datadog application to function correctly, you must activate IdP initiated login.

After you activate IdP initiated login, users can log in to Datadog from Okta

To activate IdP initiated login, execute the following steps:

Navigate to the SAML configuration page.
Under Additional Features, click the checkbox for Identity Provider (IdP) Initiated Login. The component displays the Assertion Consumer Service URL.
The content in the Assertion Consumer Service URL after /saml/assertion is your company ID. Enter this value with the /id/ prefix in Okta to finalize your configuration.
Click Save Changes.

SAML configuration in Datadog, highlighting the company ID portion of the assertion consumer service URL

Return to Okta for the next set of configuration steps.

Add the company ID in Okta

Return to the Okta admin dashboard.
Select the Sign on tab.
Click Edit.
Scroll down to the Advanced Sign-on Settings section.
Paste your full company ID including the /id/ prefix into the Company ID field (/id/XXXXXX-XXXX-XXX-XXXX-XXXXXXX).
Click Save.

To log in to Datadog using service provider-initiated login (SP-initiated SSO), you need the single sign-on (SSO) URL. You can find your SSO URL in two ways: on the SAML configuration page, or through email.