I am doing a POC where I would like to set up SAML auth for Datadog with Azure AD as the source (final) identity provider.
I have done the following so far:
- Set up an enterprise connection to Azure AD, which seems to be working when I “try” it

{
  "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
  "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
  "groups": "http://schemas.xmlsoap.org/claims/Group",
  "user_id": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  ],
  "given_name": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  ],
  "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
  "nameIdentifier": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
}

- Set up Datadog as an application with the connection from the previous step. I have also done the necessary steps on the Datadog side to set up Auth0 as the IDP. I am getting redirected to the correct places to authenticate, but it ends up in this error below:
I have inspected the SAML response and I get the following:
<Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
  <AttributeValue>99987d92-3ba8-4218-9e2b-207fa2e4a999</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
  <AttributeValue>8154678b-ba6c-4cec-9b32-d5e65a4f2999</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
  <AttributeValue>auth0user@redacted.com</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
  <AttributeValue>User</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
  <AttributeValue>Auth0</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
  <AttributeValue>Auth0</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
  <AttributeValue>https://sts.windows.net/99987d92-3ba8-4218-9e2b-207fa2e4a999/</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
  <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
</Attribute>
Any idea what I am doing wrong here?
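
One way to check which fields of the mapping in the post can be filled from the attributes in the SAML response (an added example, not part of the original post). It assumes a list in the mapping means the first claim present is used, and it looks only at `Attribute` elements, not at a `NameID` in the Subject; the function names and the wrapping root element are constructed for the example.

```python
import xml.etree.ElementTree as ET

CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS = "http://schemas.microsoft.com/"

# Mapping copied from the post; a list is assumed to mean "first claim present wins".
MAPPING = {
    "name": CLAIMS + "name",
    "email": CLAIMS + "emailaddress",
    "groups": "http://schemas.xmlsoap.org/claims/Group",
    "user_id": [CLAIMS + "nameidentifier", CLAIMS + "upn", CLAIMS + "name"],
    "given_name": [CLAIMS + "givenname", CLAIMS + "name"],
    "family_name": CLAIMS + "surname",
    "nameIdentifier": CLAIMS + "name",
}

# Constructed sample: the attributes from the post, quoted and wrapped in a root element.
SAMPLE = f"""<AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Attribute Name="{MS}identity/claims/tenantid"><AttributeValue>99987d92-3ba8-4218-9e2b-207fa2e4a999</AttributeValue></Attribute>
<Attribute Name="{MS}identity/claims/objectidentifier"><AttributeValue>8154678b-ba6c-4cec-9b32-d5e65a4f2999</AttributeValue></Attribute>
<Attribute Name="{CLAIMS}name"><AttributeValue>auth0user@redacted.com</AttributeValue></Attribute>
<Attribute Name="{CLAIMS}surname"><AttributeValue>User</AttributeValue></Attribute>
<Attribute Name="{CLAIMS}givenname"><AttributeValue>Auth0</AttributeValue></Attribute>
<Attribute Name="{MS}identity/claims/displayname"><AttributeValue>Auth0</AttributeValue></Attribute>
<Attribute Name="{MS}identity/claims/identityprovider"><AttributeValue>https://sts.windows.net/99987d92-3ba8-4218-9e2b-207fa2e4a999/</AttributeValue></Attribute>
<Attribute Name="{MS}claims/authnmethodsreferences"><AttributeValue>{MS}ws/2008/06/identity/authenticationmethod/password</AttributeValue></Attribute>
</AttributeStatement>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def attributes(xml_text):
    """Return {Name: [values]} per SAML Attribute (use defusedxml for untrusted input)."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "Attribute":
            found[el.get("Name")] = [v.text for v in el if local(v.tag) == "AttributeValue"]
    return found

def resolve(mapping, attrs):
    """For each profile field, return the first mapped claim present in attrs, else None."""
    out = {}
    for field, claims in mapping.items():
        candidates = claims if isinstance(claims, list) else [claims]
        out[field] = next((c for c in candidates if c in attrs), None)
    return out

if __name__ == "__main__":
    attrs = attributes(SAMPLE)
    for field, claim in resolve(MAPPING, attrs).items():
        print(f"{field:15} {'MISSING' if claim is None else attrs[claim][0]}")
```
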