<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UvFSAVOkta Classic EngineOkta Integration NetworkAnswered2024-04-16T09:34:15.000Z2016-12-01T12:04:38.000Z2016-12-01T12:04:38.000Z

yekrx (yekrx) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
ACS URL from Okta App when added by multiple different Okta clients

I'm trying to fully wrap my head around the scnerio's discussed here:

 

http://developer.okta.com/standards/SAML/#single-idp-vs-multiple-idps

 

Our platform will be the use case described: " ... many SaaS ISVs needing to integrate with customers’ corporate identity infrastructure. "

 

My question is about the specific scenario when many of our Platform's client use Okta as their SAML IdP's.

 

In order to support clients on our platform who use Okta as their IdP, we will create an Okta Application.

 

If there are two different clients on our platform; both of which use Okta as their IdP, who both add our Okta Apllication within their individual Okta accounts - will the ACS URL always be the same for these two Okta clients? Or can our platform provide a unique URL for each Okta client to set when they add our Application within Okta?

 

Thanks,

 

Brent

 

 

  • 6 answers
  • 2.58K views

  • gabriel.sroka1.4374539321839353E12 (Okta, Inc.)

    Hi Brent

    If I understand your scenario, that is a choice you can make. In fact, the article you linked to has a paragraph starting with "A key consideration involves the ACSurl endpoint on the SP side where SAML responses are posted" that describes your options.

    Thanks,

    Gabriel
    Expand Post

  • yekrx (yekrx)

    Hi Gabriel

     

    Thank you for your response. If I want separate clients to hit a different ACSurl endpoint on the SP side, and if the end users are managing their SAML IdP in Okta; can a single `Okta Application` (https://www.okta.com/resources/find-your-apps/?tags=SAML) provide different sub-domains on the ACS url?

     

    If so; could you link me to the docs which detail how this is achieved?

     

     

     

    Thanks

    Expand Post

  • yekrx (yekrx)

    Hi Gabriel, thanks for the further information you provided.

     

    I had a look at the GSuite Okta App that our company has added to its SSO which it manages in Okta. I noticed there is a field: "Your Google Apps company domain." I hadn't spotted that before; but it seems like the setting I was looking for.

     

    0EM2A000000XnzB

     

     

    Except of course; I need it to be available in an new Okta App created by us. So is there a way to acheive that?

     

     

     

    Thanks,

    Brent

    Expand Post

  • yekrx (yekrx)

    Ah right - the penny drops! Great - thinking I'm starting to get it. Thanks for all your assistance.

     

     

     

    Brent

This question is closed.
Loading
ACS URL from Okta App when added by multiple different Okta clients