Please note: this page is no longer being updated and may not show current information.
Okta has enhanced the security of the SAML exchange by adding encryption and a stronger signature algorithm option. A robust algorithm provides a more secure assertion and response. Access these options through the App Integration Wizard, under Advanced Settings, as shown below.
To create your SAML 2.0 app, you'll need to access the App Integration Wizard. For detailed instructions on how to create your app, see Using the App Integration Wizard. The steps below refer to elements under the Show Advanced Settings link.
Note: For the encryption settings shown below to appear in the wizard, a specific feature flag must be activated on your org. For more information, contact Okta Support.
A SAML 2.0 configuration requires a combination of information from your org and that of the target app. Use your app-specific documentation and the Okta tool tips for assistance in completing each field.
- Response: choose Signed or Unsigned to determine whether SAML authentication response message is digitally signed by the IDP.
- Assertion Signature: choose Signed or Unsigned to choose whether the SAML is encrypted.
- Signature Algorithm: choose the signing algorithm used to digitally sign the SAML assertion and response.
- Digest Algorithm: choose the digest algorithm used to digitally sign the SAML assertion and response.
- Assertion Encryption: choose whether the SAML assertion is encrypted or not. Encryption ensures that only the sender and receiver can understand the assertion.
- Encryption Algorithm: choose the encryption algorithm used to encrypt the SAML assertion.
- Key Transport Algorithm: choose the key transport algorithm used to encrypt the SAML assertion.
- Encryption Certificate: browse to upload the public key certificate to encrypt the SAML assertion. Click the Upload Certificate button to upload the cert.
- Authentication context class: allows you to determine the type of authentication restriction, and is usually set at the default (PasswordProtectedTransport). Consult the SP documentation to obtain this information.
- Request compression: depends on the app and indicates whether or not the app will send the SAML Request compressed or not. Consult the SP documentation to get this information.