How to configure Auth0 as SAML IdP

Note: first_name and given_name are root attributes of an Auth0 user. They can only be set at creation via the Auth0 Management API; as of this writing, they cannot be updated afterward. Instead, the user_metadata section will be used to specify any additional user information. See the screenshot below for an example.

 

 

 

1) Modify an existing Client or create a new one.

 

2) Under the Addons tab of the Client, enable the SAML2 Web App toggle.

 

Configure the following on the SAML2 Addon Settings tab:

Application Callback URL: https://app.datadoghq.com/account/saml/assertion

SAML Configuration: 

{
  "audience": "https://app.datadoghq.com/account/saml/metadata.xml",
  "mappings": {},
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}

source: https://auth0.com/docs/protocols/saml/saml-apps/datadog

 

3) Download the Identity Provider Metadata XML

The download link will be under the SAML2 Addon Usage tab. The downloaded file will be uploaded to Datadog during SAML configuration.

 

4) Create a Rule to map the name attributes

Replace the sample code with:

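function (user, context, callback) {
  // Make sure the object exists before assigning to it.
  context.samlConfiguration = context.samlConfiguration || {};

  // Map the SAML name attributes to the values stored in user_metadata:
  // urn:oid:2.5.4.42 is givenName, urn:oid:2.5.4.4 is surname (sn).
  context.samlConfiguration.mappings = {
    "urn:oid:2.5.4.42": "user_metadata.firstname",
    "urn:oid:2.5.4.4": "user_metadata.lastname"
  };

  callback(null, user, context);
}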
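A local pre-flight check for the rule in step 4, added here as an example and not part of the original article or of Auth0's tooling: it runs the rule against constructed profiles and lists the SAML attributes that would come out empty. The names `mapNameAttributes`, `resolvePath` and `preflight` and the sample users are hypothetical, and the check assumes the NameID is taken from the profile's `email` field.

```javascript
// Rule from step 4, given a name here so it can be called locally (assumption).
function mapNameAttributes(user, context, callback) {
  context.samlConfiguration = context.samlConfiguration || {};
  context.samlConfiguration.mappings = {
    "urn:oid:2.5.4.42": "user_metadata.firstname",
    "urn:oid:2.5.4.4": "user_metadata.lastname"
  };
  callback(null, user, context);
}

// Hypothetical helper: walk a dotted path such as "user_metadata.firstname".
function resolvePath(obj, path) {
  return path.split(".").reduce(
    (node, key) => (node !== null && typeof node === "object" ? node[key] : undefined),
    obj
  );
}

// Run the rule against one profile and list what the assertion would lack.
function preflight(user) {
  const problems = [];
  let mappings = {};
  mapNameAttributes(user, {}, (err, u, ctx) => {
    if (err) throw err;
    mappings = ctx.samlConfiguration.mappings;
  });
  // Step 2 sets the emailAddress NameID format, so a usable email is required.
  if (typeof user.email !== "string" || !user.email.includes("@")) {
    problems.push("email (NameID)");
  }
  for (const [attribute, path] of Object.entries(mappings)) {
    const value = resolvePath(user, path);
    if (typeof value !== "string" || value.trim() === "") {
      problems.push(`${attribute} <- ${path}`);
    }
  }
  return problems;
}

// Constructed sample profiles, not real users.
const sampleUsers = [
  { email: "ada@example.com", user_metadata: { firstname: "Ada", lastname: "Lovelace" } },
  { email: "bob@example.com", user_metadata: { firstname: "Bob" } },
  { email: "carol@example.com" }
];

sampleUsers.forEach((u) => console.log(u.email, preflight(u).join("; ") || "ok"));
```

Profiles that report a missing mapping need firstname and lastname added to user_metadata before those users sign in through SAML.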

 

Additional Information can be found:

 
