SSF - Apple Business SSO Integration Fails to Retrieve the SSF Configuration
API Access Management
Okta Identity Engine
Overview

This article addresses the following error message, which appears when configuring the Okta integration with Apple Business:

 

We were unable to connect to your Identity Provider as we could not verify the provided SSF configuration.

 


Applies To
  • Okta Identity Engine (OIE)
  • Apple Business
Cause

The error typically occurs during the validation phase of the Custom Identity Provider setup within Apple Business. The following steps reproduce it:

  1. Log in to Apple Business.
  2. Select Preferences, then select Enable Custom Identity Provider.
  3. Enter the client ID and secret of the OIDC web app added in Okta.
  4. Enter the required Shared Signals Framework (SSF) and OIDC Okta endpoints.
  5. Validate with Okta.
  6. Log in with the user who has permissions in both Okta and Apple Business.

The SSF configuration is not retrieved, and the following error message appears:

 

We were unable to connect to your Identity Provider as we could not verify the provided SSF configuration.

 

The error occurs for one of the following reasons: the user does not have sufficient permissions in Okta, or existing SSF streams contain duplicate values (Issuer, Name, or SSO URL). Keep in mind that Okta allows only one SSF stream per Client ID, meaning each app integration can have only a single SSF stream with those identifying values, as detailed in the Create an SSF stream documentation.
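A preflight check for the duplicate-value and one-stream-per-Client-ID causes described above, as an added example that is not Okta's or Apple's code. It assumes the existing SSF streams have been exported into a list of records; the keys `client_id`, `issuer`, `name` and `sso_url`, the sample values, and the normalization rule are all assumptions.

```python
# Added example. Keys are hypothetical inventory columns, not Okta API fields.
FIELDS = ("issuer", "name", "sso_url")  # values the article says must not be duplicated


def _norm(value):
    """Assumed comparison rule: trim, lowercase, drop a trailing slash."""
    return (value or "").strip().rstrip("/").lower()


def preflight(existing, planned):
    """Compare a planned stream against exported ones.

    Returns {client_id: [reasons]} for every existing stream that collides.
    """
    findings = {}
    for stream in existing:
        reasons = []
        # The article states Okta allows only one SSF stream per Client ID.
        if stream.get("client_id") == planned.get("client_id"):
            reasons.append("client_id already has a stream")
        for field in FIELDS:
            wanted = _norm(planned.get(field))
            if wanted and _norm(stream.get(field)) == wanted:
                reasons.append("duplicate " + field)
        if reasons:
            findings[stream.get("client_id")] = reasons
    return findings


# Constructed sample inventory (placeholder IDs and URLs).
EXISTING = [
    {"client_id": "0oa-old-apple", "issuer": "https://example.okta.com",
     "name": "Apple Business", "sso_url": "https://example.okta.com/sso/a"},
    {"client_id": "0oa-other", "issuer": "https://idp.example.net",
     "name": "Other receiver", "sso_url": "https://idp.example.net/sso/b"},
]
PLANNED = {"client_id": "0oa-new-apple", "issuer": "https://example.okta.com/",
           "name": "apple business", "sso_url": "https://example.okta.com/sso/new"}

if __name__ == "__main__":
    for client_id, reasons in preflight(EXISTING, PLANNED).items():
        print(client_id, "->", ", ".join(reasons))
```

Any stream the check reports is a candidate for removal before the Apple Business validation step is retried.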

Solution

Confirm that the user has the "Super Admin" role in Okta. If not, assign this role to an existing user, or create a new user and grant them Super Admin privileges.

 

If the issue persists after confirming that the user has the "Super Admin" role, re-establish the Apple integration. First, get an access_token for the OIDC application used to set up the original integration. Then, remove the existing integration and set it up again using the same clientId. The access_token can be used to delete the stream directly. However, it is often simpler to delete the entire OIDC app in Okta and create a new one specifically for this integration.

 
