DataDog · urseberry · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025
@@ -15,12 +15,14 @@ You can map attributes to the following principals:
 - [Datadog roles][1]
 - [Datadog Teams][2]
 
- Users with the Access Management permission can assign or remove Datadog principals based on a user's SAML-assigned attributes.
+Setting up a mapping from SAML attributes to Datadog entities allows you to manage users solely in your identity provider. The system then provisions users in Datadog according to the mappings you set up.
 
- Setting up a mapping from SAML attributes to Datadog entities allows you to manage users solely in your identity provider. The system then provisions users in Datadog according to the mappings you set up.
+You can create a maximum of 1000 role mappings and 1000 team mappings in each organization. If your organization needs more mappings, reach out to [Support][8].
 
 ## Prerequisites
 
+Users with the Access Management permission can assign or remove Datadog principals based on a user's SAML-assigned attributes.
+
 It's important to understand what is sent in an assertion before turning on mappings, as mappings require correct attributes. Every IdP has specific mappings. For example, Azure works with object IDs, and Okta requires you to set attributes in [Okta settings][3]. Datadog recommends cross-referencing with [built-in browser tooling][4] such as Chrome DevTools or browser extensions and [validating your SAML assertions][5] **before** creating mappings.
 
 ## Map SAML attributes to Datadog roles
@@ -72,3 +74,4 @@ Make changes to a mapping by clicking the pencil (**Edit**) icon, or remove a ma
 [5]: https://www.samltool.com/validate_response.php
 [6]: /account_management/authn_mapping/
 [7]: /account_management/teams/#choose-provisioning-source
+[8]: /help/