Okta as a Service Provider - how to redirect users after IDP sign in
We have a 3rd party IDP hooked up to Okta, so Okta is both SP to that IDP and the IDP for downstream applications. IDP > Okta > apps
When signing in with the 3rd party IDP, the user always lands on the Okta homepage. Is there a way to pass a redirect URL so that when one of our users requests authentication to a downstream app and logs in via the IDP, Okta redirects them appropriately after login?
Thanks, but those sources mention Okta to Okta - our IDP is a 3rd party and using a bookmark to construct a RelayState URL doesn't help us as the users are not yet logged into any Okta org. These users go to an app (downstream SP), get prompted with an Okta login page, but then click a link to go to a 3rd party IDP and log in. That link disrupts the authentication flow, and therefore lands the user back on the Okta homepage after login.
Similar to the topic above, I want to be able to set a RelayState when communicating with the 3rd party IDP, but it doesn't appear that this is in the IDP configuration settings. If I could set a RelayState on the link the user clicks on the Okta login page, it could allow the user to pass through to their desired application. I tried a simple query string parameter, but that doesn't work.
Okta trusts the IDP; it has been configured correctly through the IDP Okta admin screen. We're not having users log into Okta explicitly, but because Okta is the IDP for downstream systems, that is where they land.
If we allow Okta to default to our 3rd party IDP, the scenario works perfectly: the user goes to a downstream app, is redirected to Okta, then to our IDP, which logs into Okta, and then Okta redirects to the target app.
But we're not ready to make this IDP our default, so users get redirected to the Okta login page, at which point we need a method of logging them in through the 3rd party IDP and getting them back to their target application.