Single Sign-On

Database Performance Monitor supports Single Sign-On for authenticating and provisioning users. This allows organizations with large teams to simplify the process of granting or revoking access to DPM. We currently support Okta, OneLogin, and Azure for SSO. Note that this feature is only available to Premium-tier customers.

Important: To use Single Sign-On, you must have SAML Single Sign-On selected as your authentication method in DPM.

Select your identity provider to see detailed instructions on setup.

Enabling SSO with an incorrect configuration may cause users to lose access to the account. If this happens, the single designated account Owner can bypass login with SSO and authenticate directly with their name and password by going to, substituting accountname for the account domain.

Authentication with OneLogin

Create a new DPM app in OneLogin by clicking here.

OneLogin Before Creation

Click “SAVE.”

Then, go to the Configuration tab to setup API access. When you visit the page, it will look something like this:

OneLogin Empty Config

Enter your organization’s subdomain in the field DPM Org Subdomain. The subdomain is your organization nickname; it is the subdomain of the DPM app URL you use when accessing DPM. If you access DPM through “,” you will enter “acme.”

Then, in SCIM Base URL, enter https://{subdomain}, where {subdomain} is your organizations nickname (“acme” in this example).

Then, in SCIM Bearer Token, enter the DPM API authentication token found in the DPM application Settings page. Enable the API.

The configuration page, when complete, should look like the following:

OneLogin Config Sample

In the Provisioning tab, you must select Enable Provisioning for VividCortex. This is mandatory so DPM can be notified about any changes in your team.

OneLogin Enable Provisioning

Lastly, find the SAML metadata by clicking More Actions:

OneLogin Enable Provisioning

You will need to download the file at the Issuer URL:

OneLogin Enable Provisioning

Copy and paste its content (the XML) into the Federation metadata field in the DPM Authentication settings page. Then click Save.

You can now use OneLogin for creating, deleting, and updating users.

Authentication with Okta

Supported features

Single Sign On for DPM using Okta supports the following features for SCIM:

  • Creating users
  • Updating user attributes
  • Deactivating users
  • Importing users
  • Group pushing

Single Sign on for DPM also supports and requires SAML authentication.


To use Single Sign-On, you must have SAML Single Sign-On selected as your authentication method in DPM.

This feature is only available to organizations that have a Premium-tier DPM account.

Configuration steps

Go to your Okta Dashboard, find the DPM app, and add it. A configuration screen will appear.

Okta Add DPM

In General Settings, under Subdomain, enter your DPM account subdomain. For example, if you access DPM at “," your subdomain is acme. Click Done.

Okta Subdomain Setting

Navigate to ‘Sign On’ settings, and click ‘Edit’ in the top right corner. Under ‘CREDENTIALS DETAILS’, change the Application username format to Email and click Save.

Username Format

In the SAML 2.0 box, click the link for ‘Identity Provider metadata.’ Copy and paste the XML into the FEDERATION METADATA box in DPM.

Username Format

Enable provisioning

The next step requires you to enable provisioning features. This is mandatory so DPM can be notified about any changes in your team. Open ‘Provisioning’ settings and click ‘Configure API Integration’ and ‘Enable API Integration’.

API Integration

Generate an API token in the Authentication Settings of DPM, and paste that API token into the API Token field in Okta. Click ‘Test API Credentials’ to ensure everything is working. Click Save.

Edit the ‘Provisioning To App’ settings and enable Create Users, Update User Attributes, and Deactive Users. Click Save. Create Users, Update User Attributes and Deactivate Users must be enabled in order to keep the user directory in sync with DPM.

API Integration

In DPM, once you have pasted the FEDERATION METADATA, click Save.

API Integration

If you’d like, you can assign existing users to the DPM app by clicking ‘Assignments’ in Okta.

Group provisioning with Okta

With group provisioning, you can push groups from Okta to DPM. After you have created a group in Okta and added users to it, you can push the group to DPM. Any Okta groups pushed to DPM will be set up as a Team in DPM. You don’t need to have already created the team in DPM.

The default assigned role for DPM teams that have been pushed from Okta is read-only. You can modify the team’s roles from DPM. See Role Based Access Control for more information.

To push a group from Okta to DPM:

  1. Click Applications in the left menu.
  2. Click the Push Groups tab.
  3. Select the method to filter groups. (Push groups by name shown below)
  4. Select Create Group to create and push the group to DPM as a DPM team.

Group provisioning

You can use the Push Groups feature to remove a group from DPM by following the same steps but selecting unlink for step 4.

Known issues / Troubleshooting

There are no known issues for Single Sign On provisioning with Okta. Ensure that you meet the requirements to use Single Sign On with Okta and follow the configuration steps closely.

Authentication with Azure

Follow the Microsoft documentation to create a non-gallery application.

Configure Single sign-on using the following values:

  • Set the Identifier (Entity ID) to
  • Set the Reply URL to https://{subdomain} For example, if you access DPM at “," your subdomain is acme.
  • Set the Unique User Identifier to user.mail
  • Download the Federation Metadata XML and paste that into the FEDERATION METADATA field in DPM.

API Integration

Configure Provisioning with the following values:

  • Change the Provisioning Mode to Automatic.
  • Set the SCIM Base URL to https://{subdomain}
  • Configure the SCIM Bearer Token using a DPM API token generated from the Authentication Settings page.

API Integration

Save the configuration in DPM.

API Integration