See the following instructions to synchronize your Datadog users with Microsoft Entra ID using SCIM.

For capabilities and limitations of this feature, see SCIM.

Prerequisites

SCIM in Datadog is an advanced feature available with the Infrastructure Pro and Infrastructure Enterprise plans.

This documentation assumes your organization manages user identities using an identity provider.

Datadog strongly recommends that you use a service account application key when configuring SCIM to avoid any disruption in access. For further details, see using a service account with SCIM.

When using SAML and SCIM together, Datadog strongly recommends disabling SAML just-in-time (JIT) provisioning to avoid discrepancies in access. Manage user provisioning through SCIM only.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator
  2. Browse to Identity -> Applications -> Enterprise Applications
  3. Click New Application
  4. Type “Datadog” in the search box
  5. Select the Datadog application from the gallery
  6. Optionally, enter a name in the Name text box
  7. Click Create

Note: If you already have Datadog configured with Microsoft Entra ID for SSO, go to Enterprise Applications and select your existing Datadog application.

Configure automatic user provisioning

  1. In the application management screen, select Provisioning in the left panel
  2. In the Provisioning Mode menu, select Automatic
  3. Open Admin Credentials
  4. Complete the Admin Credentials section as follows:
    • Tenant URL: https:///api/v2/scim Note: Use the appropriate subdomain for your site. To find your URL, see Datadog sites.
    • Secret Token: Use a valid Datadog application key. You can create an application key on your organization settings page. To maintain continuous access to your data, use a service account application key.
Azure AD Admin Credentials configuration screen
  1. Click Test Connection, and wait for the message confirming that the credentials are authorized to enable provisioning.
  2. Click Save. The mapping section appears. See the following section to configure mapping.

Attribute mapping

User attributes

  1. Expand the Mappings section

  2. Click Provision Azure Active Directory Users. The Attribute Mapping page appears.

  3. Set Enabled to Yes

  4. Click the Save icon

  5. Under Target Object actions, ensure Create, Update, and Delete actions are selected

  6. Review the user attributes that are synchronized from Microsoft Entra ID to Datadog in the attribute mapping section. Set the following mappings:

    Microsoft Entra ID AttributeDatadog Attribute
    userPrincipalNameuserName
    Not([IsSoftDeleted])active
    jobTitletitle
    mailemails[type eq "work"].value
    displayNamename.formatted
    Attribute mapping configuration, Provision Azure Active Directory Users
  7. After you set your mappings, click Save.

Group attributes

Group mapping is not supported.

PREVIEWING: brett0000FF/node-compatibility