Enabling Org2Org Claims Sharing Encrypts SAML Responses for Okta Org2Org Applications
Single Sign-On
Okta Identity Engine
Overview

This article clarifies that enabling Claims Sharing within the Okta Org2Org application integration automatically encrypts the SAML responses exchanged between Okta organizations. This enhancement provides an additional layer of security for shared user data.

Applies To
  • Org2Org application
  • Security Assertion Markup Language (SAML)
  • Custom SAML app integration between two Okta orgs
  • Claims Sharing
  • Okta Identity Engine (OIE)
Cause

Enabling Claims Sharing enhances the security of data exchanged between Okta organizations. When the feature is active, the SAML response, which carries the shared user attributes and session details, is automatically encrypted. The encryption uses the public key of the Service Provider (SP) organization, so only the SP org, which holds the matching private key, can decrypt the assertion. Because a SAML response is relayed through the user's browser, this protects the shared claims from the user agent and any intermediary, not only on the TLS connection.

Solution

The encryption of SAML responses when Claims Sharing is enabled is an intentional security feature; it cannot be turned off and no action is required. If you inspect the exchange (for example with a browser SAML tracer), expect to see an EncryptedAssertion element in place of a cleartext Assertion. That is the designed behavior, not a misconfiguration.
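To confirm the behavior described in the Cause and Solution sections, a practitioner can inspect a captured SAMLResponse and check two things: that the assertion is an EncryptedAssertion rather than a cleartext Assertion, and that the EncryptedKey names the SP org's certificate (the key only the SP org can unwrap). The script below is an added example, not Okta code and not an official Okta tool. The two sample responses, the placeholder certificate string and cipher values are constructed for illustration; the algorithm URIs in the encrypted sample are standard XML Encryption identifiers and are not a statement of which algorithms Okta uses.

```python
"""Inspect a SAML Response and report whether its assertion is encrypted.

Added example (not Okta code). The sample responses below are constructed;
the certificate and cipher values are placeholders, not real key material.
"""
import base64
from xml.etree import ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder standing in for the SP org's base64 certificate.
SP_CERT_B64 = "MIICplaceholderSpOrgCertificateBase64=="

# Constructed cleartext response: attributes are readable by anyone who sees it.
PLAINTEXT_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups"><saml:AttributeValue>admins</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed encrypted response: the assertion is wrapped in EncryptedData and the
# content key is wrapped for the SP org's certificate in EncryptedKey.
ENCRYPTED_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
          <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SP_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
          <xenc:CipherData><xenc:CipherValue>AAAAplaceholderWrappedKey</xenc:CipherValue></xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>BBBBplaceholderCiphertext</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>"""


def decode_saml_response_param(saml_response_b64):
    """Decode the base64 SAMLResponse POST parameter (as seen in a browser trace) into XML text."""
    return base64.b64decode(saml_response_b64).decode("utf-8")


def encode_saml_response_param(xml_text):
    """Inverse of decode_saml_response_param, used to build test input."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def inspect_saml_response(xml_text):
    """Report whether the assertion is encrypted, with what, and for which certificate."""
    root = ET.fromstring(xml_text)
    report = {
        "encrypted": False,
        "data_algorithm": None,      # symmetric algorithm protecting the assertion body
        "key_algorithm": None,       # asymmetric algorithm wrapping the content key
        "recipient_cert": None,      # base64 cert named in EncryptedKey, if present
        "plaintext_attributes": [],  # attribute names readable without any key
    }
    enc = root.find("saml:EncryptedAssertion", NS)
    if enc is not None:
        report["encrypted"] = True
        data_method = enc.find("xenc:EncryptedData/xenc:EncryptionMethod", NS)
        if data_method is not None:
            report["data_algorithm"] = data_method.get("Algorithm")
        enc_key = enc.find(".//xenc:EncryptedKey", NS)
        if enc_key is not None:
            key_method = enc_key.find("xenc:EncryptionMethod", NS)
            if key_method is not None:
                report["key_algorithm"] = key_method.get("Algorithm")
            cert = enc_key.find(".//ds:X509Certificate", NS)
            if cert is not None and cert.text:
                report["recipient_cert"] = "".join(cert.text.split())
    plain = root.find("saml:Assertion", NS)
    if plain is not None:
        attr_tag = "{%s}Attribute" % NS["saml"]
        report["plaintext_attributes"] = [a.get("Name") for a in plain.iter(attr_tag)]
    return report


def encrypted_for_sp(report, sp_cert_b64):
    """True only if the assertion is encrypted and the wrapped key names the SP org's cert.

    Returns False when no certificate is named, since the recipient cannot be confirmed.
    """
    return bool(report["encrypted"]) and report["recipient_cert"] == "".join(sp_cert_b64.split())


if __name__ == "__main__":
    for label, xml in (("cleartext", PLAINTEXT_RESPONSE), ("encrypted", ENCRYPTED_RESPONSE)):
        r = inspect_saml_response(xml)
        print(label, r, "for SP cert:", encrypted_for_sp(r, SP_CERT_B64))
```

In practice you would paste the SAMLResponse value from a browser SAML tracer into decode_saml_response_param and compare recipient_cert against the certificate configured on the SP org; a non-empty plaintext_attributes list on an Org2Org flow with Claims Sharing enabled would be unexpected and worth a support ticket.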
