question

Jarvis M. avatar image
Jarvis M. asked ·

Does Dynatrace SaaS support SSO via AzureAD?

I'm looking into Single Sign-On and SAML authentication for various apps we use, specifically using Azure AD as the IdP, but I can't find any documentation regarding SSO or SAML for the Dynatrace SaaS product. Is it supported at all?

azuresso
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Gerald H. avatar image
Gerald H. answered ·

Hello, SAML federation is now GA. Please check out the SAML setup instructions.

Gerald

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Gerald H. avatar image
Gerald H. answered ·

@Jarvis M.

We currently have an EAP for SAML for Dynatrace SaaS. If you are interested please let me know.

The doc mentioned by Ugochukwu apply to Dynatrace Managed only.

Gerald

6 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

@Gerald H.

I'm very interested in trying the SAML offering. We're currently implementing SSO for a client company and advocating for a Dynatrace SaaS within their environment as well. SAML capabilities would help Dynatrace fit into their workflow smoothly.

0 Likes 0 · ·

@Gerald H., any ideas when this functionality be GA? We just had new SaaS environment built and in the process of getting local infrastructure in place before onboarding OneAgent and one of our biggest challenges is authentication. Ideally we want to be able to use SAML (Okta), so need to know how long before this is availble to us.

Thanks Alpa.

1 Like 1 · ·

Hello, GA is planned for Q1/2019.

Gerald

2 Likes 2 · ·

Hi @Gerald H. Q1 2019 already finished and Q2 is with us.... is there a target version for this feature?

Yos

0 Likes 0 · ·

Gerald H - We are just starting to implement and are extremely interested in EAP for SAML.

0 Likes 0 · ·

Hi @Gerald H.

Can you please add qvv89086 to the EAP?

Customer is struggling with adding users (currently got over 120 users....and there are more on the line)

Thanks in advcnce

Gil & Yos

0 Likes 0 · ·
Karanjit S. avatar image
Karanjit S. answered ·

@Gerald H. - Hi Gerald - We have an urgent requirement to implement SSO authentication within Telstra for Dynatrace SaaS Instances. We were using Dynatrace SaaS within non-prod environment for application performance testing so far but now it is being rolled out to PROD and Pre-Prod environments on a bigger scale and it's a security mandate to authenticate the user using secure auth/SAML/OIDC.

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Ugochukwu N. avatar image
Ugochukwu N. answered ·

Hi Jarvis,

See link below on how to set up SAML for SSO in Dynatrace.

https://www.dynatrace.com/support/help/get-started...

Hope This Helps

Thanks

NJ

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Good stuff but this is only for managed and not SaaS.

0 Likes 0 · ·
Marcin Z. avatar image
Marcin Z. answered ·

Hi Kevin and Patrik, looks there is problem with IDP configuration or metadata. Please share somehow metadata. You can do it by opening support ticket and sharing it here.

Thanks, Marcin

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Kevin G. avatar image
Kevin G. answered ·

We are using Azure. After uploading the file from Azure for the metadata we see this error:Please provide a valid SAML 2.0 document containing an IDPSSODescriptor, POST single logout URL, and emailAddress NameIDFormat.

5 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Kevin, looks like your IdP metadata is missing some entries that we expect. Can you please reach out to support or talk to us via chat?

Thanks, Gerald

0 Likes 0 · ·

We did get the same error as Kevin, did you manage to solve this problem?

0 Likes 0 · ·

I have an open support ticket but no replies yet.

0 Likes 0 · ·

It's a bit strange, the default federation metadata xml that is exported from our Azure AD tenant is not working. It's missing settings about "NameIDFormat". But I don't think you can change entityid in AzureAD SAML. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-sign-in-problem-application-error#change-entityid-user-identifier-format

If anyone has mange to setup SSO with Azure as Idp please provide a guide for it.

0 Likes 0 · ·

Did manage to get this to work with Azure AD.

So the solution to this is:

  • Sign SAML response and assertion (Link to How-To)
  • Add this line to under IDPSSODescriptor metadata XML that you export from Azure: <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
0 Likes 0 · ·
A J. avatar image
A J. answered ·

Hey Guys,

We are MLC/NAB are also after Dynatrace SAAS, SSO. Though our usecase is not via AzureAD, but on-prem AD. Is it still tracking mid-late April? Keen to do this.

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Yes, it the dates c communicated are still valid. Once the feature is live, I'll provide an official blog post in our Dynatrace blog.

1 Like 1 · ·
James S. avatar image
James S. answered ·

Any updates here?

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

We'll support it in April.

1 Like 1 · ·
Gerald H. avatar image
Gerald H. answered ·

Hi Stefan, it is April. We'll do a staged rollout though and not a Big Bang.

Gerald

2 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Is there a way to sign up to get on a list for the rollout?

0 Likes 0 · ·

No, as we already have a full prioritised list of customers.

0 Likes 0 · ·
Stefan P. avatar image
Stefan P. answered ·

Hi Guys, can you please give an update if end march/ begin April is still on track?

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Space Topics

mobile monitoring dotnet synthetic monitoring reports iis chat kubernetes servicenow amazon web services mysql mainframe rest api errors cassandra dashboard oneagent sdk cmc application monitoring openkit smartscape request attributes monitoring developer community user tagging log monitoring services ufo syntheticadvisory activegate ip addresses auto-detection high five award oracle hyperion webserver uem usql iib test automation license web performance monitoring ios news migration management zones index ibm mq web services notifications sso host monitoring knowledge sharing reports browser monitors java hybris sap vmware maintenance window user action naming javascript appmon ai synthetic classic availability tipstricks automation extensions diagnostic tools session replay permissions davis assistant faq documentation problem detection http monitors server easytravel apdex aws-quickstart network docker tags and metadata cloud foundry google cloud platform synthetic monitoring process groups account usability dynatrace saas gui paas openshift key user actions administration user actions postgresql synthetic locations oneagent security Dynatrace Managed user management custom python technologies mongodb openstack user session monitoring continuous delivery citrix configuration alerting NGINX action naming linux nam installation masking error reporting database mission control jmeter recorder apache mobileapp RUM php threshold azure purepath davis scripting agent aix nodejs android