Sign in with Microsoft in Dynatrace SaaS SSO

Using a Microsoft corporate account and the Sign in with Microsoft option can streamline the sign-in process.

To sign in to Dynatrace SaaS SSO using a Microsoft account

  1. Select Sign in with Microsoft without entering a login in the login field.

  2. On first usage, you are presented with a Permission requested message on the Microsoft portal, where you are asked to allow Dynatrace to process your name and email address before proceeding.

    When you select Accept, you are redirected to the Microsoft sign-in screen, where you can easily authenticate with the credentials to your corporate Microsoft account.

Sign in with Microsoft triggers a login process using the OpenID Connect Protocol, but works in the same manner as when you enter your email address in the Dynatrace sign-in form. Signing in with Microsoft can also accelerate the authentication process with Azure: if your domain is configured to use SAML federation with Dynatrace, it will be used as part of the login flow.

Limitations

  • You have to already have a Dynatrace SaaS Single Sign-On (SSO) account before you can use Sign in with Microsoft.
  • You can't use Sign in with Microsoft to sign in to an account federation or environment federation. Only global federations are supported.
  • You can't use Sign in with Microsoft as an account federated guest.

FAQ

Some Azure IdP configurations prohibit users from allowing the Dynatrace OpenID Enterprise Application to give consent to profile information. For a solution, see these instructions for configuring consent and permissions in the Dynatrace Community.

Currently, only globally scoped federations are supported. The Sign in with Microsoft option won't work as expected for Account federated guests because they log in using account default federation, which has the account scope instead of the global one. However, we are actively working on enabling this feature for tenant and account federations.