How do I configure Okta as a SAML IdP?

It's recommended that you set up Datadog as an Okta app manually, as opposed to using a 'preconfigured' configuration.

General Details

  • Single Sign On URL: https://app.datadoghq.com/account/saml/assertion (NOTE: If you use IdP-initiated login, use the public ID-specific URL that is generated after you enable IdP-initiated login in Datadog. You can find this URL on the 'Configure SAML' page, in the 'Assertion Consumer Service URL' field. Example URL: https://app.datadoghq.com/account/saml/assertion/id/<PUBLIC_ID>. The same URL then also applies to the 'Recipient URL' and 'Destination URL' fields.)
  • Recipient URL: https://app.datadoghq.com/account/saml/assertion (or check the box labeled "Use this for Recipient URL and Destination URL" in Okta)
  • Destination URL: https://app.datadoghq.com/account/saml/assertion (or check the box labeled "Use this for Recipient URL and Destination URL" in Okta)
  • Audience URI (SP Entity ID): https://app.datadoghq.com/account/saml/metadata.xml
  • Default Relay State: <not required/leave blank>
  • Name ID Format: EmailAddress
  • Response: Signed
  • Assertion Signature: Signed
  • Signature Algorithm: RSA_SHA256
  • Digest Algorithm: SHA256
  • Assertion Encryption: <Assertions can be encrypted, but unencrypted assertions will also be accepted>
  • SAML Single Logout: Disabled
  • authnContextClassRef: PasswordProtectedTransport
  • Honor Force Authentication: Yes
  • SAML Issuer ID: http://www.okta.com/<OKTA_ENTITY_ID>

Attribute Statements Details

  • NameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
  • sn: user.lastName
  • givenName: user.firstName
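
To confirm that Okta is actually sending what the General Details and Attribute Statements settings describe, you can compare a captured, base64-decoded SAML response from a test login against them. The following is an added example, not Datadog or Okta code: the function names are hypothetical, the long URNs are the standard SAML and XML Signature identifiers behind the short labels Okta shows, and it assumes the assertion is not encrypted. It compares declared values only and does not verify the signatures.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://app.datadoghq.com/account/saml/assertion"  # for IdP-initiated login pass the /id/<PUBLIC_ID> URL
AUDIENCE = "https://app.datadoghq.com/account/saml/metadata.xml"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
URI_FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

def check_response(xml_text, acs=ACS):
    """List settings in a decoded SAML Response that differ from the values above.
    Compares declared values only; it does NOT verify the XML signatures."""
    root = ET.fromstring(xml_text)
    def get(path, name=None):
        el = root.find(path, NS)
        if el is None:
            return None
        return el.get(name) if name else (el.text or "").strip()
    info = "a:Assertion/ds:Signature/ds:SignedInfo/"
    checks = [
        ("Destination URL", root.get("Destination"), acs),
        ("Recipient URL", get(".//a:SubjectConfirmationData", "Recipient"), acs),
        ("Audience URI", get(".//a:Audience"), AUDIENCE),
        ("Name ID Format", get(".//a:NameID", "Format"), EMAIL),
        ("Response: Signed", root.find("ds:Signature", NS) is not None, True),
        ("Assertion Signature: Signed", root.find("a:Assertion/ds:Signature", NS) is not None, True),
        ("Signature Algorithm", get(info + "ds:SignatureMethod", "Algorithm"), RSA_SHA256),
        ("Digest Algorithm", get(info + "ds:Reference/ds:DigestMethod", "Algorithm"), SHA256),
        ("authnContextClassRef", get(".//a:AuthnContextClassRef"), PPT),
    ]
    found = {a.get("Name"): a.get("NameFormat") for a in root.iterfind(".//a:Attribute", NS)}
    checks += [("Attribute " + n, found.get(n), URI_FMT) for n in ("sn", "givenName")]
    return [f"{name}: got {got!r}, want {want!r}" for name, got, want in checks if got != want]

def sample(recipient=ACS, digest=SHA256):
    """Constructed sample response; signature and certificate values are omitted."""
    sig = (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA256}"/><ds:Reference>'
           f'<ds:DigestMethod Algorithm="{digest}"/></ds:Reference></ds:SignedInfo></ds:Signature>')
    attrs = "".join(f'<a:Attribute Name="{n}" NameFormat="{URI_FMT}"/>' for n in ("sn", "givenName"))
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}" Destination="{ACS}">'
            f'{sig}<a:Assertion>{sig}<a:Subject><a:NameID Format="{EMAIL}">user@example.com</a:NameID>'
            f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{recipient}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction><a:Audience>{AUDIENCE}'
            f'</a:Audience></a:AudienceRestriction></a:Conditions><a:AuthnStatement><a:AuthnContext>'
            f'<a:AuthnContextClassRef>{PPT}</a:AuthnContextClassRef></a:AuthnContext></a:AuthnStatement>'
            f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')
```

Calling `check_response(sample())` returns an empty list; any entry in the list names the Okta field to revisit.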

Additional information on configuring SAML for your Datadog account can be found here: http://docs.datadoghq.com/guides/saml/

In the event that you need to upload an IDP.XML file to Datadog before being able to fully configure the app in Okta, see HERE for field placeholder instructions.
