How do I set up mobile apps for Real User Monitoring?

This topic applies to Dynatrace Managed installations only.

Dynatrace Managed installations typically run within private data centers, where each incoming connection is restricted by a firewall. To enable instrumented mobile apps to report Real User Monitoring data to your Dynatrace Managed installation, you'll need to:

  1. Install a public Managed Security Gateway.

  2. Configure a public communication endpoint. A public Security Gateway provides a secure IP address where your mobile apps can safely send their monitoring data. Use this public endpoint URL for your mobile app instrumentation configuration.

Note: The public Managed Security Gateway is listening by default to port 9999. If this isn't desired, it's possible to change this port in the Security Gateway configuration file. Alternatively, you can use the port of your choice and then redirect the traffic to port 9999 through the firewall settings.

Your existing publicly available Security Gateway URLs are available for viewing within your Dynatrace Managed installation at Settings > Public endpoints.

Mobile app instrumentation

Based on your platform, follow the instructions below to enable your mobile app to send session information directly to your Dynatrace Managed cluster.


To investigate problems that you may encounter with mobile Real User Monitoring, check the following:

Is the certificate of the Public Security Gateway correct?

  • Is the certificate root CA signed? OneAgent for Android and OneAgent for iOS require a special setting for working with self-signed certificates.
  • Does the Public Security Gateway have a host name that matches the certificate? Certificate host name validation fails for IP addresses.

Is the Public Security Gateway reachable from the mobile app network?

  • Using a mobile device browser, confirm that timesync delivers a valid response. For example, https://<psg-url>:<port>/mbeacon?type=mts should deliver something like type=mts&t1=<timestamp>&t2=<timestamp>.

Are you receiving a correct OneAgent configuration response from the Public Security Gateway?

  • Using a mobile device browser, confirm if OneAgent configuration requests deliver a valid response. For example, https://<psg-url>:<port>/mbeacon/<environment id>?type=m&app=<app id>.

  • Verify that the environment ID and the app ID are the same as those shown in the mobile OneAgent setup instructions for mobile apps.

  • The response should start with type=m and should not contain cp=0. Such a value would mean that capture is disabled for this app ID and that it is an unknown app. The response may also contain other configuration values like type=m&id=1&bl=150.