multiple identity providers for a single app
https://support.okta.com/help/answers?id=9062a000000xa6vqas&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Vikram Goghari

I would like to write an app ("appX") with the following properties:
  • my app will have admins and users
  • admins who sign up with my app can configure a SAML IdP to use (we will use Okta APIs to create IdP configurations?) to authenticate their users (non-admins) for the same app ("appX")
  • this app ("appX") will be a SAML SP and Okta will be the IdP (requires creating an Okta app and configuring SAML?)
  • Okta will then be an SP for a configured IdP (i.e. appX sends the user to Okta to log in and Okta sends the user to an IdP to log in)
  • once the user logs in on their IdP, the IdP sends a SAML Response to Okta functioning as an SP... now how does Okta send a SAML Response to my app?
Note: we will have 100s or 1000s of IdPs configured in Okta in the future (via APIs). Any users provisioned this way should be assigned to this app. Basically we want ANY SAML customer to be able to log in to our app using their own credentials.
Silviu Muraru (Okta, Inc.)

Hi, Vikram!

If you would like to integrate your own app with Okta, you should go to the Admin Console in your Okta tenant and from there follow this path:

Applications -> Create New App -> SAML 2.0 -> {{complete with info}} -> Next -> {{complete with info}} -> Next -> Check "I'm a software vendor. I'd like to integrate my app with Okta" and then "Yes, my app integration is ready for public use in the Okta Application Network" -> Then describe the SAML integration and let Okta test it.
So this is about integrating your app into the OAN (Okta Application Network), if this is the use case.

Regarding the second part of your message, that kind of configuration is similar to an inbound SAML infrastructure, where Okta can indeed be the SP, even for another Okta tenant that might be the IdP. Let me link some documentation regarding this.

https://support.okta.com/help/Documentation/Knowledge_Article/40561903-Configuring-Inbound-SAML

If the use case has been misunderstood, or you need more information or even want a screen-sharing session to test different configurations with our team, I would strongly advise you to open a ticket with us. We would have multiple ways to help in that scenario.

Wish you all the best in your work!

Thank you,

Silviu Muraru
Technical Support Engineer | Okta

Vikram Goghari
Inbound SAML sounds like the right solution. A few questions about that:
Since we will have multiple Inbound SAML configurations, my app will decide which IdP to send the particular user to. How do I initiate authentication to a particular IdP? And after that IdP authenticates, how does the user return to my app in a logged-in state (SAMLResponse)?

The Inbound SAML feature is not visible in my preview sandbox; is it a paid-account-only feature?
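The two questions in the follow-up above (how the app sends a given user to one particular IdP, and how the user comes back logged in via the SAMLResponse) are the SP half of an SP-initiated SAML 2.0 login, and that half looks the same whether the other end is a customer's IdP directly or a proxy such as Okta with inbound SAML in front of it. The following is an added example written for this page, not code from the thread or from Okta: a minimal SP that picks the IdP by e-mail domain, builds the AuthnRequest for the HTTP-Redirect binding, and validates the returned Response before trusting its NameID. The IdP registry, appX's entity ID and ACS URL, and the sample response are constructed for the demo; the sso_url in the registry is whatever endpoint the IdP or proxy publishes for that tenant, which the thread does not specify.

```python
# Added example, not code from the thread: the SP side of an SP-initiated SAML 2.0 login where
# the app picks the IdP per user and then checks the SAMLResponse. Constructed/assumed for the
# demo: the IdP registry, SP entity ID, ACS URL and sample response; sso_url is whatever
# endpoint the proxy or IdP publishes for that IdP.
import base64, datetime as dt, urllib.parse, uuid, zlib
import xml.etree.ElementTree as ET  # use defusedxml for untrusted XML in production

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://appx.example/saml/metadata"  # assumed
ACS_URL = "https://appx.example/saml/acs"  # assumed
IDP_REGISTRY = {  # constructed: one customer IdP per e-mail domain (home-realm discovery)
    "acme.example": {"entity_id": "https://idp.acme.example/metadata", "sso_url": "https://idp.acme.example/sso"},
    "globex.example": {"entity_id": "https://sts.globex.example", "sso_url": "https://sts.globex.example/saml2"},
}
PENDING = {}  # request ID -> entity ID of the IdP the user was sent to (server-side, one-shot)

def _fmt(t): return t.strftime("%Y-%m-%dT%H:%M:%SZ")
def _ts(s): return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def pick_idp(email):
    """Home-realm discovery: the e-mail domain selects the customer's IdP."""
    return IDP_REGISTRY[email.rsplit("@", 1)[-1].lower()]  # KeyError = unknown tenant

def build_authn_request(email, now):
    """Return (request_id, redirect URL) for the HTTP-Redirect binding."""
    idp = pick_idp(email)
    rid = "_" + uuid.uuid4().hex
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{rid}" Version="2.0" '
           f'IssueInstant="{_fmt(now)}" Destination="{idp["sso_url"]}" AssertionConsumerServiceURL="{ACS_URL}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    # Redirect binding: raw DEFLATE (no zlib header) -> base64 -> URL-encode; add SigAlg/Signature if the IdP requires it.
    z = zlib.compressobj(9, zlib.DEFLATED, -15)
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(z.compress(xml.encode()) + z.flush()).decode(),
                                    "RelayState": rid})  # opaque; the IdP echoes it back unchanged
    PENDING[rid] = idp["entity_id"]
    return rid, f'{idp["sso_url"]}?{query}'

def validate_response(saml_response_b64, signature_verified, now):
    """Check a POSTed SAMLResponse and return its NameID. signature_verified must come from an XML-DSig
    check (xmlsec via python3-saml/pysaml2) against the expected IdP's certificate; nothing here replaces it."""
    if not signature_verified:
        raise ValueError("refusing unsigned/unverified SAMLResponse")
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response" or root.get("Destination") != ACS_URL:
        raise ValueError("not a Response addressed to our ACS URL")
    if root.find(f"samlp:Status/samlp:StatusCode[@Value='{SUCCESS}']", NS) is None:
        raise ValueError("IdP reported failure")
    expected_idp = PENDING.pop(root.get("InResponseTo"), None)  # pop: a second use is a replay
    if expected_idp is None:
        raise ValueError("unsolicited or replayed response")
    (a,) = root.findall("saml:Assertion", NS)  # unpacking raises ValueError unless exactly one assertion
    if a.findtext("saml:Issuer", namespaces=NS) != expected_idp:
        raise ValueError("assertion from a different IdP than the one the user was sent to")
    cond = a.find("saml:Conditions", NS)
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        raise ValueError("assertion not addressed to this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if (scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != root.get("InResponseTo")
            or now >= _ts(scd.get("NotOnOrAfter"))):
        raise ValueError("bearer SubjectConfirmationData rejected")
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

def sample_response(rid, issuer, name_id, now):
    """Constructed, unsigned stand-in for what the IdP POSTs to the ACS (demo only)."""
    later = _fmt(now + dt.timedelta(minutes=5))
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0" '
           f'IssueInstant="{_fmt(now)}" Destination="{ACS_URL}" InResponseTo="{rid}"><saml:Issuer>{issuer}'
           f'</saml:Issuer><samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
           f'<saml:Assertion ID="_a1" Version="2.0" IssueInstant="{_fmt(now)}"><saml:Issuer>{issuer}</saml:Issuer>'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
           f'<saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{rid}" NotOnOrAfter="{later}"/>'
           f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="{_fmt(now - dt.timedelta(minutes=1))}" '
           f'NotOnOrAfter="{later}"><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

def _rejected(*args):
    try:
        validate_response(*args)
        return False
    except ValueError:
        return True

def demo():
    """Happy path for an acme.example user; then a replay and an IdP mix-up, which must both fail."""
    now = dt.datetime(2024, 1, 1, 12, 0, tzinfo=dt.timezone.utc)
    acme = IDP_REGISTRY["acme.example"]["entity_id"]
    rid, url = build_authn_request("alice@acme.example", now)
    resp = sample_response(rid, acme, "alice@acme.example", now)
    name_id = validate_response(resp, True, now)
    rid2, _ = build_authn_request("bob@globex.example", now)  # sent to Globex, answered by Acme
    return {"sso_url": url.split("?")[0], "name_id": name_id, "replay_rejected": _rejected(resp, True, now),
            "mixup_rejected": _rejected(sample_response(rid2, acme, "bob@globex.example", now), True, now)}
```

The checks after the signature are what keep a multi-tenant SP honest: InResponseTo is consumed once (replay), the assertion's Issuer must be the IdP the user was actually sent to (an assertion from tenant A cannot log anyone into a session started against tenant B), and Audience, Recipient and Destination pin the assertion to this SP. In a real deployment the XML-DSig verification runs first, with xmlsec through a library such as python3-saml or pysaml2, against the certificate stored for that specific IdP.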