cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does Dynatrace SaaS support SSO via AzureAD?

jmishler
Inactive

I'm looking into Single Sign-On and SAML authentication for various apps we use, specifically using Azure AD as the IdP, but I can't find any documentation regarding SSO or SAML for the Dynatrace SaaS product. Is it supported at all?

32 REPLIES 32

nj_njoku
Inactive

Hi Jarvis,

See link below on how to set up SAML for SSO in Dynatrace.

https://www.dynatrace.com/support/help/get-started...

Hope This Helps

Thanks

NJ

Good stuff but this is only for managed and not SaaS.


gerald_holl
Dynatrace Mentor
Dynatrace Mentor

@Jarvis M.

We currently have an EAP for SAML for Dynatrace SaaS. If you are interested please let me know.

The doc mentioned by Ugochukwu apply to Dynatrace Managed only.

Gerald

@Gerald H.

I'm very interested in trying the SAML offering. We're currently implementing SSO for a client company and advocating for a Dynatrace SaaS within their environment as well. SAML capabilities would help Dynatrace fit into their workflow smoothly.

@Gerald H., any ideas when this functionality be GA? We just had new SaaS environment built and in the process of getting local infrastructure in place before onboarding OneAgent and one of our biggest challenges is authentication. Ideally we want to be able to use SAML (Okta), so need to know how long before this is availble to us.

Thanks Alpa.


Hello, GA is planned for Q1/2019.

Gerald


Hi @Gerald H. Q1 2019 already finished and Q2 is with us.... is there a target version for this feature?

Yos


Gerald H - We are just starting to implement and are extremely interested in EAP for SAML.


Hi @Gerald H.

Can you please add qvv89086 to the EAP?

Customer is struggling with adding users (currently got over 120 users....and there are more on the line)

Thanks in advcnce

Gil & Yos


karanjit_singh_
Newcomer

@Gerald H. - Hi Gerald - We have an urgent requirement to implement SSO authentication within Telstra for Dynatrace SaaS Instances. We were using Dynatrace SaaS within non-prod environment for application performance testing so far but now it is being rolled out to PROD and Pre-Prod environments on a bigger scale and it's a security mandate to authenticate the user using secure auth/SAML/OIDC.


kevin_goff
Participant

any news on SaaS SSO?


Hello, support for SAML federation is still on track. To be live end of March/early April 2019.

Gerald


thank you. is EAP still available for this?


The EAP is already closed as we have too many participants.


This is severe functionality that is missing. I know that Dynatrace is working on it, but I hope this is at the top of the priority list.


Larry, we are fully aware of the need for that feature and it is the top item in our features list.

Gerald


spostma
Inactive

Hi Guys, can you please give an update if end march/ begin April is still on track?


gerald_holl
Dynatrace Mentor
Dynatrace Mentor

Hi Stefan, it is April. We'll do a staged rollout though and not a Big Bang.

Gerald


Is there a way to sign up to get on a list for the rollout?


No, as we already have a full prioritised list of customers.


james_stephens
Newcomer

Any updates here?


We'll support it in April.


ajamthe
Newcomer

Hey Guys,

We are MLC/NAB are also after Dynatrace SAAS, SSO. Though our usecase is not via AzureAD, but on-prem AD. Is it still tracking mid-late April? Keen to do this.


Yes, it the dates c communicated are still valid. Once the feature is live, I'll provide an official blog post in our Dynatrace blog.


gerald_holl
Dynatrace Mentor
Dynatrace Mentor

Hello, SAML federation is now GA. Please check out the SAML setup instructions.

Gerald


kevin_goff
Participant

We are using Azure. After uploading the file from Azure for the metadata we see this error:Please provide a valid SAML 2.0 document containing an IDPSSODescriptor, POST single logout URL, and emailAddress NameIDFormat.


Kevin, looks like your IdP metadata is missing some entries that we expect. Can you please reach out to support or talk to us via chat?

Thanks, Gerald


We did get the same error as Kevin, did you manage to solve this problem?


I have an open support ticket but no replies yet.


It's a bit strange, the default federation metadata xml that is exported from our Azure AD tenant is not working. It's missing settings about "NameIDFormat". But I don't think you can change entityid in AzureAD SAML. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-sign-in-problem-application-error#change-entityid-user-identifier-format

If anyone has mange to setup SSO with Azure as Idp please provide a guide for it.


Did manage to get this to work with Azure AD.

So the solution to this is:

  • Sign SAML response and assertion (Link to How-To)
  • Add this line to under IDPSSODescriptor metadata XML that you export from Azure: <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

Marcin_Zejer
Dynatrace Newcomer
Dynatrace Newcomer

Hi Kevin and Patrik, looks there is problem with IDP configuration or metadata. Please share somehow metadata. You can do it by opening support ticket and sharing it here.

Thanks, Marcin