Okta for staging environments Skip to main content
https://support.okta.com/help/answers?id=9062a000000xa4uqas&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Jeff TurnerJeff Turner 

Okta for staging environments

Hi,

Say we have a production webapp, https://app.ds, authenticated with Okta SAML 2.0. We also have a staging instance of this at https://app-staging.ds.

How is Okta best configured for staging environments? Do I need a separate Okta App for staging, or can app-staging.ds use the same Okta settings, and but tell Okta "redirect the user back to app-staging.ds, not app.ds"?

Thanks!
Jaypee ManansalaJaypee Manansala (Okta)
Hi Jeff,

Thanks for posting your inquiry to Okta Community portal.

"Best practices" is to create new app for the staging instance with its SAML endpoint separately. Each app in Okta has unique identifier for each SAML endpoint unless your app supports multiple ACS URL.

Best,

JP  
Jeff TurnerJeff Turner

"unless your app supports multiple ACS URL." - I guess that refers to the "multiple ACS support" referred to at this unanswered question: https://support.okta.com/help/answers?id=9062A000000bmTzQAI. The App Integration Wizard docs (https://help.okta.com/en/prev/Content/Topics/Apps/Apps_App_Integration_Wizard.htm#SAMLWizard) have this promising-sounding setting:

Allow apps to request other URLs – For use in SP-initiated sign-in flows. Select this option to configure multiple ACS URLs to support apps capable of choosing where the SAML Response is sent. Specify an index or URL to uniquely identify each ACS URL endpoint. If an AuthnRequest message does not specify an index or URL, the SAML Response is sent to the default ACS URL specified in the Single sign on URL field.

But perhaps that documentation is out of date, because when I use the Wizard to define a new SAML 2.0 app there is no such option:
User-added image

It would be nice if someone could clarify the situation here. I'd like to avoid maintaining otherwise-identical okta apps for Prod and Staging.
Michael FUERYMichael FUERY
Is there any update on this? I also need the ability to have the Okta IdP return the user to a given AssertionConsumerServiceURL as specified in SAML 2.0 spec section 3.4.1

https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Thanks.

Michael Fuery
Sr. Software Engineer
Benefit Cosmetics
Michael FUERYMichael FUERY
p.s. If there is not support for that option, is there a way that I can pass a variable/attribute from my app SP, that will be returned in the SAMLResponse, so that my app knows where to direct the user?