<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Why Tipalti SSO Fails: SAML Response Field Misconfiguration
Nov 20, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

Tipalti Single Sign-On (SSO) may fail when configuring the SAML response audience field with the Okta application's Sign-on URL instead of the correct value.
General Settings for Tipalti 

This article explains the necessary configuration for setting up Single Sign-On (SSO) with the Tipalti application.

Applies To
  • Tipalti
  • Single Sign-On (SSO)
  • Security Assertion Markup Language (SAML)
Cause

The screenshot from the Tipalti SSO setup instructions displays the wrong example value.

Solution

The Tipalti application's SAML response audience field must contain the Okta application's Issuer/EntityID value.

Do not use the Okta application's Sign on URL for this field.

  1. Locate the Issuer/EntityID value using one of the following methods:

    1. View the setup instructions provided by Okta.

    2. Navigate to the Okta application's Sign On tab and select More Details to find the value.

  2. Enter the correct Issuer/EntityID into the SAML response audience field within the Tipalti application.

Correct Tiplati example

 

Related References

Recommended content

Still looking for help?
Loading
Why Tipalti SSO Fails: SAML Response Field Misconfiguration