Solved: Is Dynatrace supporting OIDC?

AshokBolla · ‎19 Jan 2025

I'm looking into Single Sign-On and OIDC authentication for my app we use, specifically using AWS cognitio as the IdP, but I can't find any documentation regarding SSO or OIDC for the Dynatrace SaaS product. Is it supported at all?

Under IAM docs, I see dynatrace supports oidc and oauth, but don't see any configuration guide.

PacoPorro · ‎20 Jan 2025

AFAIK, Dynatrace only supports SSO through SAML, you'll need to set up SAML to delegate authentication to your IdP.

AshokBolla · ‎25 Jan 2025

Any idea, Is this update planned for the future? Also, if I use SAML authentication, can the authenticated user be restricted to accessing only a single dashboard within a new dashboard application? They should not have access to other services or dashboards within this new app. Is it possible to implement this restriction using policies, management zones, or segments?

The goal is to provide limited access to an external user, confined to just one dashboard.

Maheedhar_T · ‎27 Jan 2025

Hi @AshokBolla ,
Certainly yes.
The data can be restricted. Let's say I am user who have access to view data of Application A only but not Application B. You are an admin user who configured the dashboard with the data of application B but accidentally shared it with me.
Even when I access that dashboard, I would only be able to see the names of the tiles but not the actual Data because my RBAC policy does not allow me to see that data.

Maheedhar

AshokBolla · ‎28 Jan 2025

Hello Maheedhar,

Thank you. Can you please share me the exact policies on implementing the above restrictions?

manoj1 · ‎05 Feb 2025

May be you can create SAML groups for each application, such as read and write groups. Permissions(Role and policies) can then be assigned at the management zone level, ensuring that users with specific group access will only have access to that application.

User and group management — Dynatrace Docs

Permission management — Dynatrace Docs