DataDog integration with Azure AD
Overview:
Many organizations rely on DataDog for monitoring and analytics to ensure the performance and stability of their applications and infrastructure. As part of enhancing security and access control, integrating DataDog with Azure Active Directory (Azure AD) is a strategic move. Azure AD serves as a comprehensive identity and access management solution that streamlines user authentication and provides secure access to various applications.
Use Case:
Consider a scenario where a mid-sized software development company relies on DataDog to monitor its applications and infrastructure. To address security and user management challenges, they decide to integrate DataDog with Azure AD.
How to configure:
- Sign in to DataDog:
— Log in to your DataDog account as an administrator.
- Access the Azure AD Portal:
— Open the Azure AD portal (https://portal.azure.com/) and sign in as an administrator.
- Register DataDog as an Enterprise Application:
— In the Azure AD portal, go to “Azure Active Directory.”
— Under “Manage,” select “App registrations.”
— Click on “New registration” to register DataDog as an enterprise application.
— Provide a name and optional details for the registration.
— Set the “Supported account types” to the appropriate option for your organization (e.g., “Accounts in this organizational directory only” or “Accounts in any organizational directory”).
— Specify the Redirect URI (e.g., https://app.datadoghq.com/account/sso/saml/login/callback/).
- Configure Single Sign-On (SSO):
— In the Azure AD portal, navigate to the registered DataDog application.
— Under “Manage,” select “Single sign-on.”
— Choose the SAML-based Sign-on method.
— Configure the SAML settings:
  — Identifier (Entity ID): Typically, this is the DataDog SAML endpoint (e.g., https://app.datadoghq.com/account/sso/saml/metadata/).
  — Reply URL (Assertion Consumer Service URL): Enter the DataDog ACS URL (e.g., https://app.datadoghq.com/account/sso/saml/login/callback/).
  — Sign on URL: Enter the DataDog sign-in URL (e.g., https://app.datadoghq.com/account/sso/saml/login/).
  — User Identifier: Choose a user attribute that uniquely identifies users in Azure AD (e.g., user.userprincipalname).
- Configure DataDog:
— Contact DataDog support or your DataDog account manager to configure DataDog’s end of the SAML integration. They will provide you with the necessary information and settings to complete this step.
- Test the Integration:
— Test the Azure AD integration by signing in to DataDog using Azure AD credentials.
- Assign Users and Groups:
— In Azure AD, assign users or groups to the DataDog application to grant them access.
Important
The source attribute is set to Group ID. This is the UUID of the group in Microsoft Entra ID. This means that the group ID is sent by Microsoft Entra ID as a group claim attribute value, not as the group name. You need to change mappings in Datadog to map to the group ID instead of to the group name. For more information, see Datadog SAML mappings.
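The check below is an added example, not code from Datadog or Microsoft: it reads the group claim from a SAML assertion and compares it with a mapping table, showing which mappings can match when Entra ID sends group IDs rather than names. The assertion, group IDs and mapping table are constructed sample values, `group_ids` and `audit` are hypothetical helper names, and exact string matching between claim value and mapping key is an assumption.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim name Microsoft Entra ID uses for group membership in SAML tokens.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample: attribute statement sent when the source attribute is Group ID.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample of mappings an admin might have entered: claim value -> role.
SAMPLE_MAPPINGS = {
    "11111111-2222-3333-4444-555555555555": "Datadog Admin Role",
    "SRE-Team": "Datadog Standard Role",  # keyed on a group name, not an ID
}

def group_ids(assertion_xml):
    """Return the values of the groups claim found in the assertion."""
    root = ET.fromstring(assertion_xml)  # only parse assertions you captured yourself
    ids = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == GROUPS_CLAIM:
            ids += [(v.text or "").strip()
                    for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return ids

def audit(assertion_xml, mappings):
    """Report granted roles, name-keyed mappings, and group IDs with no mapping."""
    sent = group_ids(assertion_xml)
    return {
        "roles": sorted({mappings[g] for g in sent if g in mappings}),
        # A key that is not a UUID can never equal a group ID sent in the claim.
        "name_keyed_mappings": sorted(k for k in mappings if not UUID_RE.match(k)),
        "unmapped_group_ids": sorted(g for g in sent if g not in mappings),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_ASSERTION, SAMPLE_MAPPINGS))
```

A non-empty `name_keyed_mappings` list points at mappings that silently grant nothing, and `unmapped_group_ids` shows group memberships that reach Datadog without any role attached.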
Summary:
Remember to follow best practices for security and access control when integrating DataDog with Azure AD to protect your organization’s data and resources. Specific steps and configurations may vary based on your organization’s requirements and the current state of the Azure AD portal and DataDog integration features. Always refer to the latest documentation provided by both DataDog and Microsoft Azure for the most up-to-date instructions.
Links:
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/saas-apps/datadog-tutorial.md
https://docs.datadoghq.com/integrations/azure_active_directory/
https://docs.datadoghq.com/account_management/saml/azure/
https://en.wikipedia.org/wiki/Datadog