When configuring a new or existing SAML 2.0 Identity Provider (IdP), the Okta Assertion Consumer Service (ACS) URL ends at /sso/saml2 without the trust-specific IdP ID at the end. This article walks through switching between a trust-specific ACS URL, with the IdP ID at the end, and a shared ACS URL that ends at /sso/saml2.
- Identity Provider (IdP)
- SAML 2.0
- Assertion Consumer Service (ACS)
Whether the Okta ACS URL is the shared URL that ends at /sso/saml2 or a trust-specific URL with the IdP ID at the end depends on the Okta Assertion Consumer Service URL setting.
Switching to a trust-specific ACS URL:
- Access the Okta Admin Console.
- Click Security > Identity Providers.
- Click the affected identity provider.
- Click Configure Identity Provider.
- Change the Okta Assertion Consumer Service URL radio button to Trust-specific and Save.
An example of what the Okta ACS URL will look like after switching to trust-specific (actual IdP ID will vary): https://<example>.okta.com/sso/saml2/0oa<identifier>
Switching to a shared ACS URL:
- Access the Okta Admin Console.
- Click Security > Identity Providers.
- Click the affected identity provider.
- Click Configure Identity Provider.
- Change the Okta Assertion Consumer Service URL radio button to Organization (shared) and Save.
Example of what the Okta ACS URL will look like after switching to organization (shared):
https://<example>.okta.com/sso/saml2
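
After either switch, the ACS URL configured at the external IdP has to be the one Okta now expects. The following check is an added example, not part of the original article or Okta's own tooling: it reads ACS URLs from a SAML 2.0 service provider metadata file, classifies each as shared or trust-specific, and compares them with the URL entered at the IdP. It assumes the metadata has been saved locally as standard SAML 2.0 metadata XML; the function names, host, entityID and IdP ID are hypothetical placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SHARED_PATH = "/sso/saml2"

# Constructed sample metadata; the host, entityID and IdP ID are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:okta-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/sso/saml2/0oaEXAMPLE1234"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def classify_acs_url(url):
    """Return (mode, idp_id): mode is 'shared', 'trust-specific' or 'unknown'."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        return ("unknown", None)
    path = parsed.path.rstrip("/")
    if path == SHARED_PATH:
        return ("shared", None)
    idp_id = path[len(SHARED_PATH) + 1:]
    if path.startswith(SHARED_PATH + "/") and idp_id and "/" not in idp_id:
        return ("trust-specific", idp_id)
    return ("unknown", None)


def acs_urls_from_metadata(xml_text):
    """List every AssertionConsumerService Location in trusted, locally saved metadata."""
    root = ET.fromstring(xml_text)
    tag = "{%s}AssertionConsumerService" % MD_NS
    return [el.get("Location") for el in root.iter(tag) if el.get("Location")]


def check_idp_side(metadata_xml, url_configured_at_idp):
    """Compare the ACS URL the external IdP posts to with what the metadata advertises."""
    advertised = acs_urls_from_metadata(metadata_xml)
    return {
        "advertised": [(u, classify_acs_url(u)[0]) for u in advertised],
        "configured_mode": classify_acs_url(url_configured_at_idp)[0],
        "match": url_configured_at_idp in advertised,
    }


if __name__ == "__main__":
    print(check_idp_side(SAMPLE_METADATA, "https://example.okta.com/sso/saml2"))
```

A result with "match": False and differing modes means the external IdP is still posting to the old style of ACS URL and needs to be updated to the advertised one.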
