Dynatrace - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Dynatrace using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with Dynatrace, ensure you meet the following requirements:
- Dynatrace admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Dynatrace are registered in your IdP and have the necessary permissions to access Dynatrace.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Dynatrace - SSO configuration
Step 1 - Dynatrace Configuration
- Log into the Dynatrace Administration Portal.
- Navigate to Identity & Access Management, SAML Configuration.
- Click New Configuration
- Select Account Federation and click Next.
- Name the configuration Multi-Pass.
- Click Generate SP Metadata and save the XML file locally.
Step 2 - Multi-Pass Configuration
- Open Multi-Pass Dashboard
- Select your tenant
- On the left side, click on Integrations
- then click on Applications.
- Choose SAML under Custom Integrations.
- Upload the Dynatrace SP metadata you downloaded earlier.
- Verify that the NameID Policy Format is set to email.
SAML — Form values (Multi-Pass)
| Field | Value |
|---|---|
| Client ID (= SP Entity ID) | https://sso.dynatrace.com/identity-federation/federation/<RANDOM_STRING> |
| Name | Dynatrace |
| Description | Dynatrace SSO integration |
| Assertion Consumer Service (ACS) URL | https://sso.dynatrace.com/identity-federation/sp/consumer/account/<RANDOM_STRING>/federation/<RANDOM_STRING> |
| NameID Policy Format | email |
- Click Add Integration.
- Download the Tenant XML Data and save it locally (to upload into Dynatrace later).
- Open Advanced Console
- Click on Clients.
- Search for Dynatrace and verify the settings below.
General settings
| Field | Value |
|---|---|
| Client ID | https://sso.dynatrace.com/identity-federation/federation/<RANDOM_STRING> |
| Name | Dynatrace |
| Description | Dynatrace SSO integration |
| Always Display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://sso.dynatrace.com/identity-federation/sp/consumer/account/<RANDOM_STRING>/federation/<RANDOM_STRING> |
| IDP-Initiated SSO URL Name | <APP_NAME> |
| Valid post logout redirect URIs | https://sso.dynatrace.com/identity-federation/sp/consumer/account/<RANDOM_STRING>/federation/<RANDOM_STRING> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | ON |
| Sign Assertions | ON |
Step 3 - Complete Dynatrace SP Configuration
- In Dynatrace, return to your SAML configuration wizard.
- Upload the Tenant XML Metadata file from Multi-Pass.
- Validate by signing in with a Multi-Pass test account.
- Under Scope Assignment, select Allow users from all other domains to authenticate via your IdP.
- Toggle Enable SSO ON and click Complete Configuration.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Vanta - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vanta using MPAS. SSO simplifies user authentication by allowing access to multiple ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...ZoomInfo - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...