How to Look Up IdP Routing Rules Using API
Okta Classic Engine
Okta Identity Engine
Single Sign-On
All Engines
Overview

When troubleshooting Identity Provider (IdP) routing issues in Okta, it can be challenging to determine why users are not being directed to the expected IdP for authentication. This is particularly difficult when system logs do not show the IdP where authentication requests are being routed. Such cases often require manual analysis of a HAR file of the authentication flow to identify the IdP being targeted during the authentication attempt. To streamline this process, use the Okta API with tools like Postman to retrieve and review the configured routing rules more efficiently.

Applies To
  • API
  • Postman
  • Identity Provider (IdP)
  • Routing Rules
Cause

When system logs do not capture the authentication flow being routed to a specific IdP during failed authentication attempts, a couple of potential reasons could be:

  1. A mismatch or misconfigured routing rule. This makes it difficult to pinpoint specific behavior.

  2. Too many routing rules.

Solution

Capture IdP ID

  1. Follow the steps outlined under Exporting Browser Log Files for Troubleshooting to capture a HAR file.

  2. Open the HAR file in a HAR analyzer or text editor.

  3. Search for the IdP parameter in the request payload to identify the IdP ID where the request is being routed.

 

Capture Policy ID for Routing Rules

  1. Set up Postman

    1. Configure the environment with the base URL of the Okta tenant.
      NOTE: Postman is a third-party tool. Okta is not responsible for any changes to the application, and Support cannot troubleshoot issues with the application itself.

    2. Obtain an API token with sufficient privileges to access IdP routing rules.

  2. Send a GET request to the following API endpoint to retrieve the policy ID for routing rules:

{{url}}/api/v1/policies?type=IDP_DISCOVERY
Example policy id: 00p1****************

 

Look Up the Routing Rule

Once the IdP ID and the policy ID are known for the tenant, send a GET request in Postman to the following API endpoint to retrieve the IdP routing rules:

{{url}}/api/v1/policies/{{policyId}}/rules

 

Replace {{url}} with the Okta instance URL and {{policyId}} with the captured policy ID:

  1. The response should display the rules with their priorities and other useful information.

  2. Using Postman's search option under the ellipsis next to the save as example button, search for the IdP ID to retrieve the exact routing rule the authentication flow is hitting.

  3. The response should be the routing rule and its configuration.

Confirm the rule conditions match the expected user attributes or context. Also, use the priority found in Postman to find the routing rule in the Okta Admin UI and make the necessary changes.
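
The same lookup can be scripted instead of searched by hand in Postman. The following is an added example, not Okta's own code: it filters a rules response for every rule that references a given IdP ID and lists the matches in priority order, including inactive ones. The sample response, the IdP ID 0oaEXAMPLEIDP0001, the rule names and the JSON field layout are constructed assumptions; the search walks the whole rule object, so it does not depend on that layout.

```python
import json
import urllib.request

def fetch_json(base_url, path, api_token):
    """GET an Okta API path using an SSWS API token."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        headers={"Authorization": f"SSWS {api_token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def mentions(node, idp_id):
    """True if idp_id is a value anywhere in the JSON subtree (like a text search)."""
    if isinstance(node, dict):
        return any(mentions(v, idp_id) for v in node.values())
    if isinstance(node, list):
        return any(mentions(v, idp_id) for v in node)
    return node == idp_id

def rules_for_idp(rules, idp_id):
    """Rules that reference idp_id, lowest priority number first."""
    hits = [r for r in rules if mentions(r, idp_id)]
    hits.sort(key=lambda r: r.get("priority", float("inf")))
    return [{k: r.get(k) for k in ("priority", "name", "status", "conditions")}
            for r in hits]

def lookup(base_url, api_token, idp_id):
    """Live version of the two GET requests from the article (needs network access)."""
    policies = fetch_json(base_url, "/api/v1/policies?type=IDP_DISCOVERY", api_token)
    out = []
    for policy in policies:
        rules = fetch_json(base_url, f"/api/v1/policies/{policy['id']}/rules", api_token)
        out.extend(rules_for_idp(rules, idp_id))
    return out

# Constructed sample of a rules response; IDs, names and field layout are assumptions.
SAMPLE_RULES = json.loads("""[
 {"name": "Default Rule", "priority": 3, "status": "ACTIVE", "conditions": null,
  "actions": {"idp": {"providers": [{"type": "OKTA"}]}}},
 {"name": "Old partner rule", "priority": 2, "status": "INACTIVE",
  "conditions": {"userIdentifier": {"patterns": [{"matchType": "SUFFIX", "value": "old.example"}]}},
  "actions": {"idp": {"providers": [{"type": "SAML2", "id": "0oaEXAMPLEIDP0001"}]}}},
 {"name": "Partner domain", "priority": 1, "status": "ACTIVE",
  "conditions": {"userIdentifier": {"patterns": [{"matchType": "SUFFIX", "value": "partner.example"}]}},
  "actions": {"idp": {"providers": [{"type": "SAML2", "id": "0oaEXAMPLEIDP0001"}]}}}
]""")

if __name__ == "__main__":
    for rule in rules_for_idp(SAMPLE_RULES, "0oaEXAMPLEIDP0001"):
        print(json.dumps(rule))
```

Run as-is, it prints the two matching sample rules; for a live tenant, call lookup() with the base URL, the API token and the IdP ID captured from the HAR file.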
