pass username Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Yoav MadorskyYoav Madorsky 

pass username

My company is working on enabling SSO for some of our customers using Okta SAML. When users log in to our system, they provide their email address and then we know how to authenticate them: redirect them to Okta or authenticate them ourselsves. 
In the Okta login scenario, since the users already provided their username in our system, we rather they didn't have to retype it in Okta. 
Is there a way w ecan pass the username to the Okta login page?

We are using Java and OpenSAML.
We tried passing the username as a <Subject> element in the AuthnRequest. That didn't work: Okta left the username field empty.  

Thanks in advance!
Matt MaherMatt Maher (Okta, Inc.)
Hi Yoav, This is exactly something that Okta can do! The Okta IWA Web App for DesktopSSO allows users who authenticate with Windows to be automatically authenticated with Okta. Okta IWA is a lightweight Internet Information Services (IIS) web app that enables Desktop SSO on the Okta service. 

Please take a look at our detailed documentation about how to integrate that in your environment. 

Install and Configure the Okta IWA Web App for DesktopSSO
Ozgur OzguvenOzgur Ozguven

I have a similar issue. If there is no IWA in place, my users are having to type their username (email address) twice in an IDP Discovery scenario. We have Hub & Spoke model in which we publish apps at the Hub level and we want our Spoke users to be able to log in. Our apps have custom login page which is the IDP Discovery. On this custom page, users enter their username, we then send them to their Spoke but we can't pass the username. So, they have to enter it again on the Spoke login page which is silly. Any thoughts?

Matt MaherMatt Maher (Okta, Inc.)
Hi Oz, I think it would be best if you opened a support case with us to better assist you with your question. You can open a support case here:
Kevin KlitzkeKevin Klitzke

The original question was not about a Windows integration, but about passing a user id to Okta (when acting as IdP) through the <saml2:Subject> element of the <AuthnRequest>, and have that id show up in the Okta login widget, overriding a possible "Remember me" cookie.

We would like that feature as well. I looked through the Idea section under Federation and protocols, there doesn't seem to be one for this requirement.