When using SAML, users attempting a Service Provider (SP)-initiated login might encounter an unexpected application username/password prompt instead of being redirected to Okta for authentication. This article outlines the likely cause and steps to resolve the issue.
- SP-initiated login
- Single Sign-On (SSO)
- Security Assertion Markup Language (SAML)
The issue often arises due to an incorrectly entered Identity Provider (IdP) URL, or equivalent, on the SP side. The IdP URL points to Okta, and if it is incorrect, the Service Provider (SP) might not be able to properly redirect the user to Okta for authentication. This can also happen if the SP does not support the SP-initiated login flow.
- Confirm the SP supports SP-initiated login flow.
  - If SP flow is not supported, users will be directed to the SP login page when attempting to access the app using an application URL.
- Check the configuration settings on the SP side.
  - Make sure that the correct Okta application URL (for example, https://domain.okta.com/apps/ApplicationName/AppID/sso/saml) is accurately entered in the appropriate field.
  - This field might be labeled differently depending on the SP, as there is no standardized SAML terminology. Some common labels include:
    - Identity Provider Login URL
    - SSO URL
    - Single Sign-On URL
  - Keep in mind that changes or corrections made on the SP side might not take effect immediately.
  - If recent changes have not resolved the issue, contact the SP's support to ensure that the changes have been correctly implemented.
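One way to verify the SP-side setting after a change, shown as an added example that is not part of the original article or any Okta tooling: take the `Location` header the SP returns when a user opens the application URL (for example from the browser's network tab) and compare it with the expected Okta URL. It assumes the SP uses the SAML HTTP-Redirect binding; the function names and the sample redirects are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

AUTHN_TAG = "{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest"

def check_sp_redirect(location, expected_sso_url):
    """Return a list of problems with the SP's redirect; an empty list means it looks right."""
    if not location:
        return ["no redirect: SP showed its own login page (SP-initiated flow unsupported or disabled)"]
    got, want = urlsplit(location.strip()), urlsplit(expected_sso_url)
    problems = []
    if got.scheme != "https":
        problems.append(f"scheme is {got.scheme!r}, expected 'https'")
    if got.hostname != want.hostname:
        problems.append(f"host is {got.hostname!r}, expected {want.hostname!r}")
    if got.path.rstrip("/") != want.path.rstrip("/"):
        problems.append(f"path is {got.path!r}, expected {want.path!r}")
    saml = parse_qs(got.query).get("SAMLRequest")
    if not saml:
        return problems + ["redirect carries no SAMLRequest parameter"]
    try:
        # HTTP-Redirect binding: base64 of raw DEFLATE (wbits=-15 means no zlib header).
        # Diagnostic use on your own SP's output; parse untrusted XML with a hardened parser.
        root = ET.fromstring(zlib.decompress(base64.b64decode(saml[0]), -15))
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return problems + [f"SAMLRequest does not decode: {exc}"]
    if root.tag != AUTHN_TAG:
        problems.append(f"unexpected root element {root.tag!r}")
    dest = root.get("Destination")
    if dest and dest != expected_sso_url:
        problems.append(f"AuthnRequest Destination is {dest!r}")
    return problems

def sample_redirect(sso_url, destination):
    """Build a constructed SP redirect for the demo (not captured traffic)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'ID="_constructed1" Version="2.0" Destination="{destination}"/>').encode()
    deflater = zlib.compressobj(wbits=-15)
    raw = deflater.compress(xml) + deflater.flush()
    return sso_url + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode()})

EXPECTED = "https://domain.okta.com/apps/ApplicationName/AppID/sso/saml"  # example URL from the article
TYPO = "https://domian.okta.com/apps/ApplicationName/AppID/sso/saml"      # constructed misconfiguration

if __name__ == "__main__":
    for loc in (sample_redirect(EXPECTED, EXPECTED), sample_redirect(TYPO, TYPO), None):
        print(check_sp_redirect(loc, EXPECTED) or "OK")
```

An SP that uses the HTTP-POST binding returns an auto-submitting form instead of a `Location` header, so this check reports no redirect for it.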
