This knowledge base article provides instructions on using the Okta REST API with Postman to add an Identity Provider (IdP) to an Okta organization. The steps involve obtaining the key ID of the Org2Org application, fetching the certificate, adding an X.509 certificate public key, and finally, adding a SAML 2 IdP.
- Okta administrators who need to add an Identity Provider using the REST API
- Single Sign-On (SSO)
In the solution below, Postman is used to run the API calls. Before proceeding, follow the steps to integrate Postman with Okta.
OAuth 2.0 Scope needed: okta.apps.read, okta.idps.read.
Steps
1. Start by obtaining the key ID (kid) of the Org2Org application. In the Postman environment or Okta organization where the Org2Org application is set up, run the Get App request from the Identity Providers collection and note the kid of the Org2Org application.
2. Run the Get Certificate request from the Apps > Certificate Operations collection, using the kid of the Org2Org application obtained in step 1, and note the value of the "x5c" key and of the certificate.
3. NOTE: At this step, switch Postman environments or Okta organizations to the target of the Org2Org application obtained in step 1. Run the Add X.509 Certificate Public Key request from the Identity Providers > Key Store Operations collection. In the Body of the request, send the "x5c" value noted in step 2. Then note the kid of the RSA key that was just added.
4. Lastly, run the Add SAML 2 IdP request from the Identity Providers > Transaction Operations collection. In the Body of the request, replace the kid in the credentials with the kid of the certificate just associated with the IdP in step 3.
- Following these steps correctly should result in a 200 OK response, and the details of the newly added IdP will be displayed in the Response window in Postman.
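The following is an added example, not part of the article or Okta's own tooling: it builds the request bodies for steps 2 to 4 from a constructed Get Certificate response and checks that the key returned by the target org carries the thumbprint of the certificate that was sent, so the kid placed in the IdP credentials really refers to the Org2Org certificate. The certificate bytes, kid values, issuer, SSO URL and audience are placeholders; fields of the Add SAML 2 IdP body other than the kid are assumed and kept minimal.

```python
import base64
import hashlib
import json

# Constructed stand-in for DER certificate bytes (not a real certificate).
_DER = b"constructed-der-bytes-for-illustration-only"


def expected_thumbprint(x5c: list[str]) -> str:
    """SHA-256 thumbprint of the leaf certificate, base64url without padding (RFC 7517 x5t#S256)."""
    der = base64.b64decode(x5c[0])
    return base64.urlsafe_b64encode(hashlib.sha256(der).digest()).rstrip(b"=").decode()


# Constructed sample of what the Get Certificate request (step 2) returns.
SAMPLE_GET_CERTIFICATE_RESPONSE = json.dumps({
    "kid": "SOURCE_APP_KID_PLACEHOLDER",  # kid obtained in step 1
    "kty": "RSA",
    "use": "sig",
    "x5c": [base64.b64encode(_DER).decode()],
    "x5t#S256": expected_thumbprint([base64.b64encode(_DER).decode()]),
})


def extract_x5c(get_certificate_response: str) -> list[str]:
    """Step 2: take the 'x5c' chain out of the Get Certificate response body."""
    x5c = json.loads(get_certificate_response).get("x5c")
    if not isinstance(x5c, list) or not x5c or not all(isinstance(c, str) and c for c in x5c):
        raise ValueError("Get Certificate response carries no usable 'x5c' chain")
    return x5c


def build_add_key_body(x5c: list[str]) -> dict:
    """Step 3: body for the Add X.509 Certificate Public Key request in the target org."""
    return {"x5c": x5c}


def thumbprint_matches(x5c: list[str], add_key_response: str) -> bool:
    """Check that the key the target org returned belongs to the certificate sent in step 3."""
    return json.loads(add_key_response).get("x5t#S256") == expected_thumbprint(x5c)


def build_add_saml_idp_body(name: str, issuer: str, sso_url: str, audience: str, kid: str) -> dict:
    """Step 4: Add SAML 2 IdP body with credentials.trust.kid set to the kid from step 3."""
    if not kid:
        raise ValueError("kid from the Add X.509 Certificate Public Key response is required")
    return {
        "type": "SAML2",
        "name": name,
        "protocol": {
            "type": "SAML2",
            "endpoints": {"sso": {"url": sso_url, "binding": "HTTP-POST"}},
            "credentials": {"trust": {"issuer": issuer, "audience": audience, "kid": kid}},
        },
    }
```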
