This article provides clarification about the Audience URI, an essential configuration component for Single Sign-On (SSO) in custom SAML or OIN app integrations within Okta. It delves into what the Audience URI is, how it functions, and where it can be sourced.
- Okta Integration Network (OIN)
- SAML App Configuration
- Single Sign-On (SSO)
Confusion may arise due to the various terminologies used by different vendors for the same configuration requirement.
The Audience URI, or Audience Restriction, determines the intended recipient or audience for the SAML Assertion. Depending on the vendor, this field might also be referred to as the Entity ID.
It can be any string of data up to 1024 characters long but is typically formatted as a URL, often incorporating the Service Provider's (SP's) name. In many cases, the Audience URI aligns with the Assertion Consumer Service (ACS) URL, also known as the SSO URL.
If the Audience URI is not listed in the SP's SSO configuration instructions, it can be obtained directly from the SP.
Presently, SAML applications in Okta support only one Audience URI per application. If the application supports multiple Identity Providers (IdPs), consider setting up a separate application for each URL.
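The check a Service Provider typically runs against the Audience value, shown as an added example (not Okta's or any vendor's code). The entity ID, the sample assertion, and the function names are constructed for illustration. The example assumes the assertion's signature has already been verified and, as a policy assumption, rejects assertions that carry no audience restriction.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsigned assertion trimmed to the relevant elements.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>http://idp.example.test/constructed</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def audience_sets(assertion_xml):
    """Return one set of Audience values per AudienceRestriction element."""
    # ElementTree is acceptable for this constructed sample; untrusted
    # input should go through a hardened XML parser.
    root = ET.fromstring(assertion_xml)
    path = "saml:Conditions/saml:AudienceRestriction"
    return [
        {(a.text or "").strip() for a in r.findall("saml:Audience", NS)}
        for r in root.findall(path, NS)
    ]


def audience_ok(assertion_xml, sp_entity_id):
    """True only if the SP is named in every AudienceRestriction."""
    sets = audience_sets(assertion_xml)
    if not sets:
        return False  # policy assumption: no restriction means reject
    # Exact string comparison: no URL normalisation, no prefix matching.
    return all(sp_entity_id in s for s in sets)


if __name__ == "__main__":
    for candidate in ("https://sp.example.test/saml/metadata",
                      "https://sp.example.test/saml/metadata/",
                      "https://sp.example.test/saml/acs"):
        print(candidate, "->", audience_ok(SAMPLE_ASSERTION, candidate))
```

The trailing-slash case fails because the comparison is an exact string match, which is why the value entered in Okta has to be copied from the SP character for character.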
