cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DynaTrace Synthetic Monitoring of application using SSO for authentication

dwh4911
Newcomer

Does DynaTrace Synthetic Monitoring support monitoring web application that use SAML 2.0 SSO authentication?

4 REPLIES 4

HannahM
Dynatrace Leader
Dynatrace Leader

Hi, 

you can find information on Supported authentication methods for Synthetic Monitoring here. If you have tried using the 'HTTP Authentication' option and it hasn't worked, you can try using a private windows location with the Dynatrace Synthetic Service logged on as the user required. The downside to this method is that you will need to update the user the service is logged on as every time you update the ActiveGate, as this is a workaround rather than supported functionality.  

Synthetic SME and community advocate.

StefanSchwarz
Participant

@HannahM: Do you know if there are any enhancements planned or already available regarding this topic?

We made very promising tests with the CyberArc integration and were capable to update a newly created password in CyberArc into the Dynatrace vault.

Our approach would be, that every day/hour CyberArc is generating a new password and is synchronizing this into Dynatrace vault and our Azure AD.
But in the synthetic session we must use the username from the vault and must inject the SAML request.

By manually adding the &login_hint=janedow@contoso.com and ForceAuthn="true" attributes in the SAML request we could successful reach the Azure ADP form. This would allow as to insert the username and password from the Dynatrace vault.

We are looking for a solution, that allows us to add the &login_hint="username from the Dynatrace vault" and ForceAuthn="true" to the request which is initiated in a synthetic monitor (e.g., by clicking on the "Login with SSO" button on a website).

I'm looking forward for your response as this is a crucial topic in our company regarding the rollout of Dynatrace's browser synthetic monitoring.

I think this might be easiest to check on chat/ via a support ticket, then we can see the request you are using and tweak it

Synthetic SME and community advocate.

Cezary_Tomaszew
Dynatrace Participant
Dynatrace Participant

Hi,

It is possible to do that for both HTTP and browser monitors using placeholders. However, for browser monitors, you need to complete one additional step:

1. HTTP monitor - You can directly use credential vault value in the URL.

Cezary_Tomaszew_1-1732889958638.png2. 

2. Browser monitor - You can not directly use in the monitors definition, but you can add aditional step and set user name as a variable:

Cezary_Tomaszew_2-1732890261841.png

Best regards,

Cezary

 

Featured Posts