When configuring Single Sign-On (SSO) for a third-party application called Lumin in the Okta Integration Network (OIN), the process may fail, resulting in 404 errors. The 404 error typically occurs during SSO setup, even after following the recommended steps and procedures.
- Single Sign-On (SSO) configuration issues
- Lumin Application
- Okta Integration Network (OIN)
- Okta Classic Engine
- Okta Identity Engine (OIE)
The root cause could be a misconfigured SAML Name ID format or an incorrect setup of SAML attributes during the SSO configuration process. Also, any discrepancy in the attributes' values, such as a mismatch between the role names in the IdP and the Lumin Admin system, can trigger the errors.
- Set the SAML Name ID format to be the email address. Lumin uses this value to uniquely identify the username in the Admin portal.
- Add the following SAML attributes for the user’s profile information. Please note that these field attributes and their values are case-sensitive:
firstName- string (required)lastName- string (required)email- string (required)adminRoles- string array (** required if managing roles **)mobilePhone- string (optional)workPhone- string (optional)streetAddress- string (optional)city- string (optional)state- string (optional)zipCode- string (optional)
Remember to keep role names consistent between the Admin portal and the IdP. If role names change in the Admin portal for any reason, it must be updated in the IdP as well.
Errors and their likely causes:
- A 401 error usually points to an issue with the attributes and often occurs due to incorrect fields being sent or incorrectly formatted fields (for example,
firstnameinstead offirstName). - A 404 error typically indicates that the attributes sent are correct, but the values sent do not match. For example, this could happen if the user does not already exist (option 2) or if the role assigned does not exist or does not exactly match (option 1).
