Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Before you create a Datadog resource, you must configure your Azure environment. This article walks through every prerequisite so you can complete the setup in one pass.
Prerequisites checklist
Review the following requirements before you begin:
| Requirement | Details |
|---|---|
| Azure account | An active Azure subscription. Create one for free if you don't have one. |
| Azure role | Owner access on the subscription. Check your access before you begin. The Owner role is required because the integration creates role assignments (Monitoring Reader) and diagnostic settings on your resources. |
| Resource provider | Microsoft.Datadog must be registered in your subscription. Azure registers it automatically when you create a Datadog resource, but if your organization restricts resource provider registration, you may need to register it manually. |
| Enterprise application (for SSO) | Required only if you want single sign-on. See Add enterprise application below. |
Verify resource provider registration
To check whether Microsoft.Datadog is registered in your subscription:
az provider show --namespace Microsoft.Datadog --query "registrationState" --output tsv
If the output isn't Registered, register it:
az provider register --namespace Microsoft.Datadog
Note
Resource provider registration is a one-time operation per subscription.
Add enterprise application
To use the Security Assertion Markup Language (SAML) single sign-on (SSO) feature within the Datadog resource, you must set up an enterprise application in Microsoft Entra ID. To add an enterprise application, you need one of these roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.
Tip
If you don't need SSO, you can skip this step and proceed directly to creating a Datadog resource. You can configure SSO later.
Use the following steps to set up the enterprise application:
- Go to Azure portal. Select Microsoft Entra ID.
- In the left pane, select Manage > Enterprise applications.
- Select New Application.
- In Add from the gallery, search for Datadog. Select the search result then select Add.
- Once the app is created, go to properties from the side panel. Set User assignment required? to No, and select Save.
- Go to Single sign-on from the side panel. Then select SAML.
- Select Yes when prompted to save single sign-on settings.
The following SAML values are preconfigured by the Datadog gallery app:
| Setting | Expected value |
|---|---|
| Identifier (Entity ID) | https://us3.datadoghq.com/account/saml/metadata.xml |
| Reply URL (ACS URL) | https://us3.datadoghq.com/account/saml/assertion |
Important
If another enterprise application in your tenant already uses the same SAML identifier, you see an error when saving. Either disable the conflicting app or use it as the enterprise app for Datadog SSO. See Troubleshooting SSO for more information.
Verify SSO configuration
After setting up the enterprise application, verify the configuration:
- In Microsoft Entra ID > Enterprise applications, find and select your Datadog app.
- Select Single sign-on from the service menu.
- Confirm the SAML Signing Certificate section shows an active certificate.
- Confirm the Identifier and Reply URL values match the expected values above.
Next steps
Your environment is ready. Proceed to create your Datadog resource: