Single Sign-On

Database Performance Monitor supports Single Sign-On for authenticating and provisioning users. This allows organizations with large teams to simplify the process of granting or revoking access to DPM. We currently support Okta, OneLogin, and Azure for SSO. Note that this feature is only available to Premium-tier customers.

Select your identity provider to see detailed instructions on setup.

Authentication with OneLogin

Create a new DPM app in OneLogin by clicking here.

OneLogin Before Creation

Click “SAVE.”

Then, go to the Configuration tab to setup API access. When you visit the page, it will look something like this:

OneLogin Empty Config

Enter your organization’s subdomain in the field DPM Org Subdomain. The subdomain is your organization nickname; it is the subdomain of the DPM app URL you use when accessing DPM. If you access DPM through “,” you will enter “acme.”

Then, in SCIM Base URL, enter https://{subdomain}, where {subdomain} is your organizations nickname (“acme” in this example).

Then, in SCIM Bearer Token, enter the DPM API authentication token found in the DPM application Settings page. Enable the API.

The configuration page, when complete, should look like the following:

OneLogin Config Sample

In the Provisioning tab, you must select Enable Provisioning for VividCortex. This is mandatory so DPM can be notified about any changes in your team.

OneLogin Enable Provisioning

Lastly, find the SAML metadata by clicking More Actions:

OneLogin Enable Provisioning

You will need to download the file at the Issuer URL:

OneLogin Enable Provisioning

Copy and paste its content (the XML) into the Federation metadata field in the DPM Authentication settings page. Then click Save.

You can now use OneLogin for creating, deleting, and updating users. If you have any questions, contact Support via the in-app chat or by emailing

Authentication with Okta

Go to your Okta Dashboard, find the DPM app, and add it. A configuration screen will appear.

Okta Add DPM

In General Settings, under Subdomain, enter your DPM account subdomain. For example, if you access DPM at “," your subdomain is acme. Click Done.

Okta Subdomain Setting

Navigate to ‘Sign On’ settings, and click ‘Edit’ in the top right corner. Under ‘CREDENTIALS DETAILS’, change the Application username format to Email and click Save.

Username Format

In the SAML 2.0 box, click the link for ‘Identity Provider metadata.’ Copy and paste the XML into the FEDERATION METADATA box in DPM.

Username Format

The next step requires you to enable provisioning features. This is mandatory so DPM can be notified about any changes in your team. Open ‘Provisioning’ settings and click ‘Configure API Integration’ and ‘Enable API Integration’.

API Integration

Generate an API token in the Authentication Settings of DPM, and paste that API token into the API Token field in Okta. Click ‘Test API Credentials’ to ensure everything is working. Click Save.

Edit the ‘Provisioning To App’ settings and enable Create Users, Update User Attributes, and Deactive Users. Click Save. Create Users, Update User Attributes and Deactivate Users must be enabled in order to keep the user directory in sync with DPM.

API Integration

In DPM, once you have pasted the FEDERATION METADATA, click Save.

API Integration

If you’d like, you can assign existing users to the DPM app by clicking ‘Assignments’ in Okta.

Authentication With Azure

Follow the Microsoft documentation to create a non-gallery application.

Configure Single sign-on using the following values:

  • Set the Identifier (Entity ID) to
  • Set the Reply URL to https://{subdomain} For example, if you access DPM at “," your subdomain is acme.
  • Set the Unique User Identifier to user.mail
  • Download the Federation Metadata XML and paste that into the FEDERATION METADATA field in DPM.

API Integration

Configure Provisioning with the following values:

  • Change the Provisioning Mode to Automatic.
  • Set the SCIM Base URL to https://{subdomain}
  • Configure the SCIM Bearer Token using a DPM API token generated from the Authentication Settings page.

API Integration

Save the configuration in DPM.

API Integration