<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Download Okta Identity Provider Metadata and SAML Signing Certificates
Mar 20, 2026
Single Sign-On
Okta Integration Network
Okta Classic Engine
Overview

Okta dynamically generates unique metadata for each Security Assertion Markup Language (SAML) app integration. This article describes how to obtain the metadata URL and download the SAML signing certificate for a SAML app integration from the Okta Admin Console.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta Integration Network (OIN) Catalog SAML App
  • Custom SAML Application
  • Single Sign-On (SSO)
  • Security Assertion Markup Language (SAML)
Solution

How are the IdP metadata and SAML signing certificate downloaded for a SAML app integration?

 

The following video and procedures describe three distinct methods for retrieving SAML configuration data tailored to the service provider's specific requirements.

 

 

Download metadata or the SAML signing certificate

This method allows for the direct download of the metadata file or the active signing certificate.

  1. Navigate to the Sign On tab of the SAML application.
  2. In the SAML Signing Certificates section, select Actions for the active certificate.

SAML Signing Certificates

  1. Select Download certificate to save the file.
  2. Select View IdP metadata to open the metadata file in a new tab.
  3. Save the metadata page as an XML file from the browser.

NOTE: Right-click and save the metadata page as an XML file to avoid formatting issues that occur when copying and pasting into a text editor.

 

Obtain IdP details via View SAML setup instructions

This method provides a formatted page containing the Identity Provider Single Sign-On URL, Identity Provider Issuer, and the X.509 Certificate text for manual application configuration.

  1. Navigate to the Sign On tab of the SAML application.
  2. Locate and select the View SAML setup instructions option on the right side of the page.
  3. Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and the X.509 Certificate from the displayed page.

NOTE: The metadata can also be copied from the Optional section.

Custom SAML

Download certificate

 

Obtain IdP details via the Sign On tab

Okta also displays the Identity Provider Single Sign-On URL (Sign on URL), the Identity Provider Issuer (Issuer), and the X.509 Certificate (Signing Certificate) on the Sign On tab of the SAML application in the SAML 2.0 section under Metadata details.

metadata

Recommended content

Still looking for help?
Loading
How to Download Okta Identity Provider Metadata and SAML Signing Certificates