This article explains the maximum limit on the number of requestable SSO URLs that can be added to a SAML application and provides a workaround for customers who need to configure more than 100 Requested SSO URL configurations.
- Custom SAML 2.0 Application
- Requestable SSO URL
- API
The maximum limit on requestable SSO URLs is 100, and there is no way to exceed this limit. However, customers who need to configure more than 100 Requested SSO URL configurations can use a workaround. Instead of configuring several other requestable SSO URLs, customers can use a dynamic ACS URL with a signed cert.
To use this workaround, customers should follow these steps:
-
Set up Okta Orgs as SAML IDP and SAML SP, especially for Dynamic ACS URL support testing.
-
Enable Signed Requests in Okta.
-
Specify a URL and an index that uniquely identifies each ACS URL endpoint in the Other Requestable SSO URLs field.
-
When enabling Signed Requests, Okta deletes any previously defined static SSO URLs and reads the SSO URLs from the signed SAML request instead. Note that both static SSO URLs and dynamic SSO URLs cannot be used simultaneously.
For more information on how to set up Okta Orgs as SAML IDP and SAML SP, please refer to the official Okta documentation.
Related References
- Create SAML app integrations
- Okta API documentation regarding SAML 2.0 applications (look for the ACS endpoint entry on the table)
- Setting up Okta Orgs as SAML IDP and SAML SP for Dynamic ACS URL Support
