Configure SCIM with Microsoft Entra ID
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
See the following instructions to synchronize your Datadog users with Microsoft Entra ID using SCIM.
For capabilities and limitations of this feature, see SCIM.
Prerequisites
SCIM in Datadog is an advanced feature available with the Infrastructure Pro and Infrastructure Enterprise plans.
This documentation assumes your organization manages user identities using an identity provider.
Datadog strongly recommends that you use a service account application key when configuring SCIM to avoid any disruption in access. For further details, see using a service account with SCIM.
When using SAML and SCIM together, Datadog strongly recommends disabling SAML just-in-time (JIT) provisioning to avoid discrepancies in access. Manage user provisioning through SCIM only.
Add Datadog to the Microsoft Entra ID application gallery
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator
- Browse to Identity -> Applications -> Enterprise Applications
- Click New Application
- Type “Datadog” in the search box
- Select the Datadog application from the gallery
- Optionally, enter a name in the Name text box
- Click Create
Note: If you already have Datadog configured with Microsoft Entra ID for SSO, go to Enterprise Applications and select your existing Datadog application.
- In the application management screen, select Provisioning in the left panel
- In the Provisioning Mode menu, select Automatic
- Open Admin Credentials
- Complete the Admin Credentials section as follows:
- Tenant URL:
https:///api/v2/scim
Note: Use the appropriate subdomain for your site. To find your URL, see Datadog sites. - Secret Token: Use a valid Datadog application key. You can create an application key on your organization settings page. To maintain continuous access to your data, use a service account application key.
- Click Test Connection, and wait for the message confirming that the credentials are authorized to enable provisioning.
- Click Save. The mapping section appears. See the following section to configure mapping.
Attribute mapping
User attributes
Expand the Mappings section
Click Provision Azure Active Directory Users. The Attribute Mapping page appears.
Set Enabled to Yes
Click the Save icon
Under Target Object actions, ensure Create, Update, and Delete actions are selected
Review the user attributes that are synchronized from Microsoft Entra ID to Datadog in the attribute mapping section. Set the following mappings:
Microsoft Entra ID Attribute | Datadog Attribute |
---|
userPrincipalName | userName |
Not([IsSoftDeleted]) | active |
jobTitle | title |
mail | emails[type eq "work"].value |
displayName | name.formatted |
After you set your mappings, click Save.
Group attributes
Group mapping is not supported.