<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
JupiterOne Application Shows Error "Invalid SAML response or relayState from identity provider"
Jul 24, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article provides information about attempting to log in to JupiterOne from the Okta dashboard and receiving the following error: 

Invalid SAML response or relayState from identity provider

 

Applies To
  • Custom SAML app for JupiterOne
  • Single Sign On (SSO)
Cause

The error appears because JupiterOne does not currently support IdP-initiated flow, as specified in the Setup SSO guide. To learn more about when it might be supported, contact JupiterOne Support.

Solution

Okta does provide a solution that allows the simulation of the IDP-initiated login flow. This solution involves creating a Bookmark Application in Okta. This technique is used to simulate an Identify provider-initiated login (Okta Dashboard) by still utilizing the service provider-initiated login flow that JupiterOne has been designed to accept.

Refer to this Okta documentation for detailed step-by-step instructions on how to set up and use a Bookmark Application within Okta.

Related References

Recommended content

Still looking for help?
Loading
JupiterOne Application Shows Error "Invalid SAML response or relayState from identity provider"