The Datadog Mobile App with IdP Initiated SAML

Setup

In order to use the Datadog mobile app with Identity Provider (IdP) Initiated SAML, you need to pass an additional Relay State through to Datadog to trigger the mobile app landing page on login. Once enabled, all sign ins from SAML for that particular app land on a the interstitial page before proceeding.

  • On mobile devices with the Datadog mobile app installed, users should first log in with their identity provider using their mobile browser (see the example with Google, below). Then, the app automatically captures the request and allows the user to sign in.
Google IDP relay state
  • On Desktop devices or devices where the app is not installed, the user needs to click “Use the Datadog Website” to proceed.
Datadog Mobile SAML Interstitial

Providers

Note: Datadog IdP Initiated SAML works with most identity providers. If you run into trouble while configuring your identity provider with the Datadog Mobile App, contact Datadog support.

OneLogin

When configuring your OneLogin app, set the Relay State value on the Application Details page to dd_m_idp.

One Login's Application Details Page

Okta

When configuring your Okta app, set the Default RelayState value on the Configure SAML page to dd_m_idp.

Okta's Configure SAML page

Google

When configuring your Google app for SAML, set the Start URL under the Service Provider Details to dd_m_idp.

Google's Service Provider Details Page

Troubleshooting

If you see a 403 Forbidden error on login after configuring the Relay State, contact Support to ensure that the feature has been enabled for your organization.

PREVIEWING: safchain/fix-custom-agent