24 Jun 2024 08:18 AM - last edited on 25 Jun 2024 07:06 AM by MaciejNeumann
We added a new SAML configuration by integrating one of our company domains with Okta. However, we need a particular address excluded. Is it possible?
Solved! Go to Solution.
31 Jul 2024 01:44 PM
Hi @vpasinelli ,
The foundation of SAML federation is to delegate the authentication and authorization management to the external IDP (e.g. customer's Okta). If some particular user from configured and verified in Dynatrace domain should not be allowed to access Dynatrace, the user can be, e.g. removed from application or groups allowing the access on IDP side. In the worse scenario, if user is able to sign in via external IDP, this user might be created based on JIT provisioning, but without access to any resources, if it wasn't explicitly granted by account admin.