This article explains how to clone an application certificate from one Security Assertion Markup Language (SAML) application to another using the Postman application to access the Okta REST API.
Throughout this article:
- App1 is identified as the source app from which the certificate is intended to be shared.
- App2 is identified as the target app that will receive the source app's certificate.
Applies To
- Security Assertion Markup Language (SAML)
- Multiple SAML apps pointed to the same environment using the same Okta app certificate
- Okta Classic Engine
- Okta Identity Engine (OIE)
Requirements
- Follow the steps to integrate Postman with Okta.
- NOTE: If Postman is not configured for the Okta environment, the rest of the steps will not work.
- Add the Apps API collection to Postman.
- Once Postman is configured, it is possible to share certificates between apps.
Steps
- In Postman, go to the Apps collection and use the List Apps request to retrieve the appID of the app whose certificate is to be shared (App1).
- NOTE: If the app being searched for is not listed in the results, follow the instructions from the "If the application being searched for is not listed" section.
- Use the List Apps request in Postman to retrieve the kid for the app with the desired certificate (App1).
- Use the List Apps request in Postman to retrieve the appID for the app that will receive the cloned certificate (App2).
- In Postman, go to the Apps collection > Certificate Operations and select the Share/Clone certificate API request. (For the new version of Postman, the API request is located in Apps collection > Application Key Credentials > Clone a key credential.) The API call looks like this: {{url}}/api/v1/apps/{{app1ID}}/credentials/keys/{{kIdForApp1}}/clone?targetAid={{app2ID}}
- Click the Send button to perform the share/clone action.
- Access the Sign On tab of the targeted app and activate the new certificate.
If the application being searched for is not listed
If the app being searched for is not listed, it is likely because the List Apps request returns only 20 apps by default (the default value of its limit parameter). To adjust this, follow these steps:
- Add a parameter called limit to the List Apps API request and set the VALUE to 200. Then resend the request and search for the app among the results. The maximum value for this parameter is 200, so if there are more than 200 apps in the org, the additional steps described below are needed.
- If the app still does not appear, there could be more than 200 apps in the Okta org. To get to the 201st result, add another parameter called next. The value for this parameter is obtained as follows:
  - Run the List Apps API request without the limit parameter and click on the Headers tab of the results.
  - If the results are paginated, there will be a link header in the results with the URL for the next page of apps. Copy the part of the URL in the link header that contains the real value of next. Make sure not to include the & character in the value.
  - Create a new parameter for the List Apps API request called next.
  - Set the VALUE of the new parameter to the string copied from the link header, and send the request again to get the results for the next page.
  - If there are more pages, repeat this process until there is no next link in the headers section.
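The same procedure carried out as an added Python example (not part of the original article or of Okta's Postman collection): page through List Apps with limit=200 by following the Link rel="next" header, locate App1 and App2 by label, then call the clone endpoint with App1's key id. The org URL, API token and app labels are placeholders, and the example assumes the app objects carry the signing key id at credentials.signing.kid; the returned key still has to be activated on App2's Sign On tab.

```python
import json
import re
import urllib.request
from typing import Callable, Iterator, Optional
# Assumed placeholders, not real values: set these to the org URL and an API token.
ORG_URL = "https://example.okta.com"
API_TOKEN = "<OKTA_API_TOKEN>"
LINK_RE = re.compile(r'<([^>]+)>;\s*rel="([^"]+)"')

def next_page_url(link_header: str) -> Optional[str]:
    """Return the rel="next" URL from an Okta Link header, or None on the last page."""
    for url, rel in LINK_RE.findall(link_header or ""):
        if rel == "next":
            return url
    return None

def iter_all_apps(fetch: Callable[[str], tuple], org_url: str) -> Iterator[dict]:
    """Walk every page of GET /api/v1/apps by following the Link: rel="next" header."""
    url = f"{org_url}/api/v1/apps?limit=200"  # 200 is the maximum page size
    while url:
        apps, link_header = fetch(url)
        yield from apps
        url = next_page_url(link_header)

def find_app(apps, label: str) -> dict:
    """Pick the app object whose label matches; raise if it is not in the org."""
    for app in apps:
        if app.get("label") == label:
            return app
    raise LookupError(f"no app labelled {label!r}")

def clone_url(org_url: str, app1: dict, app2_id: str) -> str:
    """Build the clone endpoint: App1's signing key (kid) is copied to App2 (targetAid)."""
    kid = app1["credentials"]["signing"]["kid"]
    return f"{org_url}/api/v1/apps/{app1['id']}/credentials/keys/{kid}/clone?targetAid={app2_id}"

def okta_request(url: str, method: str = "GET") -> tuple:
    """Call the Okta API with an SSWS token; return (JSON body, joined Link headers)."""
    req = urllib.request.Request(url, method=method, headers={
        "Authorization": f"SSWS {API_TOKEN}", "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp), ", ".join(resp.headers.get_all("Link") or [])

def clone_certificate(app1_label: str, app2_label: str, fetch=okta_request,
                      post=lambda u: okta_request(u, "POST")) -> dict:
    """Share App1's certificate with App2; the returned key must still be activated on App2."""
    apps = list(iter_all_apps(fetch, ORG_URL))
    app1, app2 = find_app(apps, app1_label), find_app(apps, app2_label)
    new_key, _ = post(clone_url(ORG_URL, app1, app2["id"]))
    return new_key
```

The fetch and post callables are injectable so the paging and URL construction can be exercised against constructed responses before running it against a live org.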
