How do I set up SAML 2.0 for single sign-on?

Dynatrace Managed supports integration with a single sign-on (SSO) identity provider (IdP) over the SAML 2.0 protocol, using the HTTP POST and HTTP Redirect bindings. HTTP POST is preferred: when both bindings are configured, HTTP POST is used.

Set up SAML 2.0

  1. Go to User authentication > Single sign-on.
  2. From the drop-down list, select SAML 2.0.
  3. Download the SP metadata file by clicking the Download SP metadata button. Use this file to configure Dynatrace Managed as a Service Provider in your Identity Provider (IdP) server; refer to your IdP documentation for details.
  4. Download the configuration metadata file from your IdP server.
  5. Upload it to Dynatrace Managed (Select file button).

Group assignment configuration

Every user needs to be assigned to at least one user group that has at least one environment attached. Without this mapping, the user cannot log in and instead receives an error message that no environment was found. Group assignment can be managed in two ways:

  • manually in the Dynatrace Managed UI (set the ‘Assign users to groups based on SAML 2.0 response attribute’ switch to off). In this case, the list of groups sent in the IdP's authentication response is ignored.
  • automatically (set the ‘Assign users to groups based on SAML 2.0 response attribute’ switch to on and provide the name of the attribute that carries your group names). Any assignment made in the Dynatrace Managed UI is overwritten with the list of groups that comes in the authentication response.
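Because automatic assignment replaces a user's groups with whatever the IdP sends, it helps to inspect a captured response before turning the switch on. The following is an added example, not Dynatrace code: it lists the values found under a given attribute name in a SAML 2.0 response. The attribute name `groups`, the group names and the sample response are constructed, and the exact, case-sensitive name match is an assumption of this sketch.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (unsigned, for illustration only).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>monitoring-admins</saml:AttributeValue>
        <saml:AttributeValue> prod-viewers </saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def decode_post_binding(saml_response_b64):
    """The HTTP POST binding carries the response as base64-encoded XML."""
    return base64.b64decode(saml_response_b64).decode("utf-8")


def groups_from_response(xml_text, attribute_name):
    """Return the values of the named attribute, in order, without duplicates.

    Inspection aid only: it does not verify the response signature.
    """
    root = ET.fromstring(xml_text)
    groups = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != attribute_name:  # assumption: exact match
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            name = (value.text or "").strip()
            if name and name not in groups:
                groups.append(name)
    return groups


if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()
    found = groups_from_response(decode_post_binding(encoded), "groups")
    print("groups in response:", found or "NONE (check the attribute name at the IdP)")
```

An empty result means the response carries no group values under that attribute name, which is worth resolving at the IdP before enabling automatic assignment.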