Identity Provider Configuration Settings with MDP SSO

Click a link to view more information about the provider:

• MS Active Directory 3.0
• MS Active Directory 2.0
• Azure

Use these configuration settings to connect to MDP:

• When configuring the Identifier ID and Reply URL (Assertion Consumer Service URL), use the MDP URL of the application that you use to log into MDP:
  • AWS US https://app.datorama.com
  • AWS EU https://app-eu.datorama.com
  • Azure US https://app-us2.datorama.com
  • Azure EU https://app-eu2.datorama.com
• When configuring the Sign-on URL field, enter the URL according to the MDP application that you use: (this is the Users Direct Login Page)
  • AWS US https://app.datorama.com/services/auth/sso/<account ID>
  • AWS EU https://app-eu.datorama.com/services/auth/sso/<account ID>
  • Azure US https://app-us2.datorama.com/services/auth/sso/<account ID>
  • Azure EU https://app-eu2.datorama.com/services/auth/sso/<account ID>

If you’re using SAML2, follow these guidelines:

• MDP uses SAML2 with the HTTP Redirect binding for SP to IdP and expects the HTTP Post binding for IdP to SP.
• You can find the MDP Customer URL (also called the Assertion Consumer Service URL / ACS) in your Datorama account on the Single Sign-on setting page.
• The NameID must contain the user’s email address: Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
• Your identity provider might ask if you want to sign the SAML assertion, the SAML response, or both. MDP requires the SAML response to be signed. You can choose signed or unsigned for the SAML assertion.