Below is a step by step guide to configure Azure AD as a SAML IdP within Datadog
Note, an Azure AD Premium Subscription is required to set this up
1) Navigate to manage.windowsazure.com
2) Go to the Active Directory sub menu
3) Select the active directory you wish to use for SSO
4) Go the "Applications" section along the top nav bar
5) Press "Add" at the bottom of the screen
6) Select "Add an application from the gallery"
7) Select "Custom" -> "Add an unlisted application my organization is using" -> Enter a name like "DatadogSSOApp" as the application name. Then press the check button when complete
NOTE if you don't see the "Add an unlisted application my organization is using" option, it means that you don't have the Premium subscription for Azure AD. Upgrade to Azure AD Premium and then refresh the page
8) Once the Application has been created, select "Configure single sign-on"
9) Select "Microsoft Azure AD Single Sign-On"
10) Navigate to https://app.datadoghq.com/saml/saml_setup, find the Service Provider Entity ID & Assertion Consumer Service URL on the right hand of the page. Copy and paste those values in the "Identifier" and "Reply URL" text forms respectively
11) On the next page Download Metadata (XML), check the box confirming you have configured SSO and press next. You will need to use this file in step 17
12) Enter in an email address at which you would like to be notified about maintenance issues
13) Once you are back to the applications main page, navigate to "Attributes"
14) In "SAML Token Attributes", hover over the line where "TYPE" is "user attribute (nameid)" (usually the first one) and click on the pencil icon to edit
15) Change the attribute value to "user.mail" and press the check button
16) Press "Apply Changes" at the bottom of the screen
17) Navigate back to https://app.datadoghq.com/saml/saml_setup and upload the xml file downloaded in step 11
18) Make sure to press "Upload File" after choosing the XML file
19) And that's it! It should now say SAML is ready and that Valid IdP metadata installed. You can immediately begin logging in to Datadog via Azure AD by pressing "Enable"
If you are using a SSO via a Datadog button or link, you need to add a Sign-on URL. To do this, navigate back to the configure SSO Configuration section of the Azure Application, go to step 2, check off "Show advanced settings (optional)" and paste the Single Sign-on URL that is displayed in the configure SAML page in Datadog. (You'll have to click through the Azure wizard again to save the changes)