Legacy Okta SAML IdP configuration
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project,
feel free to reach out to us!Setup
Follow Okta’s Create custom SAML app integrations instructions to configure Okta as a SAML IdP.
Note: Set up Datadog as an Okta application manually. Do not use the preconfigured Datadog application.
General details
Okta IDP Input Field | Expected Value |
---|
Single Sign On URL | Assertion Consumer Service URL (Find this URL on the Configure SAML page, in the Assertion Consumer Service URL field.) |
Recipient URL | Assertion Consumer Service URL (or click the Use this for Recipient URL and Destination URL checkbox) |
Destination URL | Assertion Consumer Service URL (or click the Use this for Recipient URL and Destination URL checkbox) |
Audience URI (SP Entity ID) | Service Provider Entity ID (Find this ID on the Configure SAML page, in the Service Provider Entity ID field.) |
Name ID Format | EmailAddress |
Response | Signed |
Assertion Signature | Signed |
Signature Algorithm | SHA256 |
Assertion Encryption | Assertions can be encrypted, but unencrypted assertions are also accepted. |
SAML Single Logout | Disabled |
authnContextClassRef | PasswordProtectedTransport |
Honor Force Authentication | Yes |
SAML Issuer ID | http://www.okta.com/${org.externalKey} |
Attribute statements details
Name | Name Format (optional) | Value |
---|
NameFormat | URI Reference | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
sn | URI Reference | user.lastName |
givenName | URI Reference | user.firstName |
Group attribute statements (optional)
This is required only if you are using AuthN Mapping.
Name | Name Format (optional) | Value |
---|
memberOf | Unspecified | Matches regex .* (This method retrieves all groups. Contact your IDP administrator if this does not fit your use case.) |
Additional information on configuring SAML for your Datadog account is available on the SAML documentation page.
In the event that you need to upload an IDP.XML
file to Datadog before being able to fully configure the application in Okta, see acquiring the idp.xml metadata file for a SAML template App article for field placeholder instructions.
Further Reading
Más enlaces, artículos y documentación útiles: