Supported authentication methods in Synthetic Monitoring

Dynatrace Synthetic Monitoring offers various methods for monitoring web applications or API endpoints that require authentication. Read on for an overview of the most common scenarios and the appropriate methods to use.

Browser monitors

The web form (HTML-based) or HTTP authentication methods are supported for single-URL browser monitors and browser clickpaths.

Monitor a web application with web form (HTML-based) authentication

The most common scenario is a webpage with web form (HTML-based) authentication, which requires you to enter a username and password.

Web application with HTML-based authentication

The Web form authentication option is supported for single-URL browser monitors.

  1. From the navigation menu, select Synthetic > Create a synthetic monitor > Create a browser monitor.
  2. In Additional options, turn on Enable global login authentication.
  3. Select the Web form authentication type.
  4. Either use an existing credential from the credential vault (Select credentials) or Create new credentials.
  5. Complete the configuration of your single-URL browser monitor.

Monitor a web application with basic, digest, NTLM, or Negotiate (Kerberos) authentication

If you need to monitor a page with a browser-native dialog box (that is not part of the web application) to authenticate (as in the image below), it's likely that the basic, digest, NTLM, or Negotiate authentication methods are used in the background.

Native browser login dialog box

  1. From the navigation menu, select Synthetic > Create a synthetic monitor > Create a browser monitor.
  2. In Additional options, turn on Enable global login authentication.
  3. Select the HTTP authentication type.
  4. Either use an existing credential from the credential vault (Select credentials) or Create new credentials.

HTTP monitors

HTTP monitors support the basic, NTLM, token, OAuth 2.0, or certificate authentication methods.

Monitor endpoints requiring Basic or NTLM authentication

  1. Select Synthetic from the navigation menu > Create a synthetic monitor > Create an HTTP monitor.

  2. Select Add HTTP request and choose the HTTP request type.

  3. In the Additional options of the request, Set authentication/authorization.

  4. Select Basic authentication or NTLM.

  5. Either use an existing credential from the credential vault (Select credentials) or Create new credentials.

    Dynatrace automatically generates the required Authorization header with the information you've provided.

  6. Finish configuring your HTTP monitor.

Monitor endpoints requiring bearer or token authentication

  1. Select Synthetic from the navigation menu > Create a synthetic monitor > Create an HTTP monitor.

  2. Select Add HTTP request and choose the HTTP request type.

  3. In the Additional options of the request, Set additional HTTP headers.

  4. Select Add header.

  5. Fill out the header, for example, set:

    Header name = Authorization
    Header value = Bearer <your-token>

    or

    Header name = Authorization
    Header value = Api-Token <your-token>

  6. Finish configuring your HTTP monitor.

Monitor endpoints requiring OAuth 2.0 authorization

OAuth 2.0 authorization is available for HTTP monitors and is most commonly used when querying API endpoints. Dynatrace provides the OAuth2 authorization request type, which is a specialized HTTP request template for OAuth 2.0 authorization requests.

You first need to set up an OAuth 2.0 request for an access token, which you need to use in all subsequent HTTP requests in your monitor that queries the API endpoint. The returned token is not stored to the credential vault, but it's easily accessible as an auto-complete option in your subsequent HTTP requests.

  1. From the navigation menu, select Synthetic > Create a synthetic monitor > Create an HTTP monitor and provide a Name.
  2. Select Add HTTP request and choose the OAth2 authorization request type.
  3. Enter the URL from which you're requesting an authorization token (Access token URL) and request Name.
  4. Select Add HTTP request to view expanded request settings. Note that the OAuth 2.0 request is automatically created as a POST request.
  5. Fill out or edit these important settings in the request details.
    1. Depending on how your authentication server is set up, opt to Add authorization data to the Request body or Request URL. Fill out the POST parameters (grant_Type, scope, client_id, username, and password) in the Request body or Request URL. You may add/modify parameters as needed.

      OAuth parameters in request body OAuth parameters in request URL

    2. A post-execution script is automatically enabled, where:

      • The request fails if the returned status code is not 200.
      • The api.fail() method defines the Failure message that appears in case of failure on the Events card on the HTTP monitor details page.
      • If the request is successful, the response body, which is a JSON-formatted string, is stored in a JavaScript object (called bearToken-2 in this example).
      • The api.info() method sends information to a log file, which is accessible on private Synthetic locations.

      Post-execution script

    3. Set token request authentication enables you to specify additional authentication details (Basic authentication, NTLM, or Kerberos) for the server that the OAuth application sits behind.

For subsequent HTTP requests

  1. Create an additional HTTP request for the endpoint you need to monitor (Add HTTP request).
  2. In the Additional options of the second request.
    • Enable Set authentication/authorization and select OAuth2 method. Note that this option is only available if you've created an OAuth 2.0 authorization request (described above).

      An autogenerated pre-execution script referencing the OAuth token received in the request created above is displayed.

      OAuth method in HTTP request

    • Alternatively, set an HTTP Authorization header with the JavaScript object containing the OAuth token as the Header value.

      OAuth method in HTTP request

  3. Finish configuring your HTTP monitor.

Monitor endpoints requiring a client certificate

  1. From the navigation menu, select Synthetic > Create a synthetic monitor > Create an HTTP monitor and provide a Name.
  2. Select Add HTTP request and choose the HTTP request type.
  3. In the Additional options of the request, Add client certificate.
    1. Either use an existing certificate from the credential vault (Select credentials) or Create new credentials.
  4. Finish configuring your HTTP monitor.

Note

To assure full mutual authentication, disable Accept any SSL certificate when using certificate authentication.