cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Account SSO login

jarinmusarrat
Dynatrace Contributor
Dynatrace Contributor

hello,

 

when setting SSO login we have to first add a domain and verify it in the account page. For example test.com but if my client changes that domain and gets a new one with test.xyz.com then after verifying it would it automatically allow the users who were logged in with the 1st domain test.com? Or do they have to get new invites with their test.xyz.com? This seems like a lot of work and my client is worried if this would make all the data unavailable for the existing test.com?

5 REPLIES 5

abhi
Dynatrace Advisor
Dynatrace Advisor

Hi @jarinmusarrat,

 

Multi-domain SSO login is available in Dynatrace, you would just need to verify each domain one after the other for each configuration.

abhi_0-1657155185566.png

Hope the following document will be helpful for your setup:

Manage users and groups with SAML in Dynatrace 

 

jarinmusarrat
Dynatrace Contributor
Dynatrace Contributor

we already have multiple domains, but they want to get rid of the first domain in the image below and wants to change it to contractor.victoria.com instead of the lb.com. once I verify the new victoria.com domain what would happen to users who were using lb.com? Would they need new invites again for switching to victoria.com? And what happens to their previous data?

jarinmusarrat_0-1657196673694.png

 

It would still work because each domain would have a unique "Dynatrace-site-verification" ID. As you mentioned, they can still remove the domain 'contractor.lb.com' and add a new domain ' contractor.victoria.com' to your domain’s DNS configuration.

  • Upon this the user's with the 'contractor.lb.com' domain user's won't be able to access Dynatrace UI because they wouldn't be able to authenticate it.
  • They wouldn't be needing a new invite. However, you would need to confirm if the new users with the domain are part of the respective group as per the "Security group claim attribute"
  • All the Dynatrace data will still remain the same, only difference would be the new user's accessing the tool with the different domain name.

techean
Dynatrace Champion
Dynatrace Champion

Are you using SAML or LDAP?

KG

jarinmusarrat
Dynatrace Contributor
Dynatrace Contributor

SAML