Follow the examples below to configure Dynatrace SSO using Okta as the SAML identity provider (IdP).
Important: Use this IdP-specific help as part of the entire SAML configuration procedure for Dynatrace SaaS.
In the General settings, follow this example.
Values in the example are:
|Single sign on URL||
|Audience URI (SP Entity ID)||
|Name ID format||
|Update application username on||
Show Advanced Settings for additional configuration settings as shown in the example.
Values in the example include:
|Enable Single Logout and Single Logout URL||If you want to enable single logout service with Dynatrace SSO:
|Signature Certificate||The certificate file required by Okta for SSO application configuration can be converted from an X509Certificate using, for instance, this online tool. The result should be just an X509Certificate wrapped with a header. You can find the Dynatrace SSO metadata for the certificate file at:
To enable SAML authorization in Dynatrace SSO:
- In the Attribute Statements section, add entries for first name and last name.
- In the Group Attribute Statements section, add an entry to enable mapping of groups between Okta IdP and Dynatrace SSO.
Values displayed here are only examples.
Attribute names need to match the Dynatrace federated attribute values on the Dynatrace Single sign-on page:
First name attribute
Last name attribute
Security group claim attribute
You can configure Group Attribute Statements filtering using Okta's proprietary expression language. For example, the filter .* means that all groups assigned to the user will be sent with the SAML request.
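
For the Signature Certificate setting above, the conversion can also be done locally rather than with an online tool. This is an added example, not part of the Dynatrace or Okta documentation: it reads the X509Certificate value from SAML metadata XML and wraps it in PEM header and footer lines. The sample metadata and its certificate bytes are constructed placeholders, and the function name is hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}


def signing_certs_to_pem(metadata_xml: str) -> list[str]:
    """Return each signing certificate found in SAML metadata as a PEM string."""
    root = ET.fromstring(metadata_xml)
    pems = []
    for key_desc in root.iter("{%s}KeyDescriptor" % MD_NS):
        # A KeyDescriptor with no "use" attribute applies to signing as well.
        if key_desc.get("use", "signing") != "signing":
            continue
        for node in key_desc.iterfind(".//ds:X509Certificate", DS_NS):
            b64 = "".join((node.text or "").split())    # drop XML line breaks
            der = base64.b64decode(b64, validate=True)  # raises on bad base64
            if not der or der[0] != 0x30:               # DER certs start with SEQUENCE
                raise ValueError("X509Certificate is not DER-encoded")
            clean = base64.b64encode(der).decode()
            body = "\n".join(clean[i:i + 64] for i in range(0, len(clean), 64))
            pems.append("-----BEGIN CERTIFICATE-----\n" + body
                        + "\n-----END CERTIFICATE-----\n")
    return pems


# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
# Constructed metadata; the entityID is a placeholder, not a Dynatrace value.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}"
    xmlns:ds="{DS_NS['ds']}" entityID="https://sp.example.invalid">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {SAMPLE_B64[:100]}
        {SAMPLE_B64[100:]}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    # Redirect this output to a .pem file and upload that file in Okta.
    print(signing_certs_to_pem(SAMPLE_METADATA)[0], end="")
```
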