Can Okta support SP certificate import ? Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Ramanan HariharanRamanan Hariharan 

Can Okta support SP certificate import ?

Some Security Assertion Markup Language(SAML) profiles or signing options require the Service Provider(SP) to sign messages and the Identity Provider(IdP) to verify them. 

Can Okta support the above scenario ?
Justin BergezJustin Bergez (Okta, Inc.)

Hi Ramanan,

Thank you for your question!

In the vast majority of SAML apps, Okta does not pass or handle certs for login flows, whether IdP or SP initiated, because we don't validate the signature on the inbound SAML request. We simply grab the request ID of it.

I can confirm that there are some apps that require encryption for the message coming back to us. In that scenario, Okta would need to upload a cert provided by the SP, and does have the capability to do so.

If you have additional questions or need further clarification, I would recommend opening a ticket with Okta Support.

Justin M. Bergez
Technical Support Engineer - Tier 2