Okta Classic Engine | Okta Integration Network | Answered | 2024-04-16T12:10:56.000Z | 2018-03-06T13:35:52.000Z | 2018-08-12T04:16:47.000Z
Okta as a Service Provider - how to redirect users after IDP sign in
We have a 3rd party IDP hooked up to Okta, so Okta is both SP to that IDP and the IDP for downstream applications. IDP > Okta > apps

 

When signing in with the 3rd party IDP, the user always lands on the Okta homepage. Is there a way to pass a redirect URL so that when one of our users requests authentication to a downstream app and logs in via the IDP, Okta redirects them appropriately after login?

  • kkq45 (kkq45)

    Just got a hold of IDP Discovery functionality in our preview environment. This will solve the issue perfectly.

     

    Fingers crossed for quick path to production release.
    Selected as Best
  • exocv (exocv)

    Hi Benjamin,

     

    I think you're looking for this:

     

    http://saml-doc.okta.com/SAML_Docs/Configure-SAML-2.0-for-Org2Org.html

     

    In short, you need a bookmark app that sends the user to the Okta and redirects you with a RELAYSTATE to the app in that Okta.

     

    Another topic was resolved with that info: https://support.okta.com/help/answers?id=9062A000000bmLlQAI&feedtype=SINGLE_QUESTION_DETAIL&dc=Okta_Application_Network&criteria=BESTANSWERS&

     

    Hope it helps,

     

    regards,
  • kkq45 (kkq45)

    Thanks, but those sources mention Okta to Okta - our IDP is a 3rd party and using a bookmark to construct a RelayState URL doesn't help us as the users are not yet logged into any Okta org. These users go to an app (downstream SP), get prompted with an Okta login page, but then click a link to go to a 3rd party IDP and log in. That link disrupts the authentication flow, and therefore lands the user back on the Okta homepage after login.

     

    Similar to the topic above, I want to be able to set a RelayState when communicating with the 3rd party IDP, but it doesn't appear that this is in the IDP configuration settings. If I could set a RelayState on the link the user clicks on the Okta login page, it could allow the user to pass through to their desired application. I tried a simple query string parameter, but that doesn't work.
  • exocv (exocv)

    Are the 2 IDPs federated? Because only then would a RelayState work, and as I'm reading your comment, you have users log into Okta.
  • kkq45 (kkq45)

    Okta trusts the IDP, it has been configured correctly through the IDP Okta admin screen. We're not having users log into Okta explicitly, but because Okta is the IDP for downstream systems, that is where they land.

     

    If we allow Okta to default to our 3rd party IDP, the scenario works perfectly: the user goes to a downstream app, is redirected to Okta, then to our IDP, which logs into Okta, and then Okta redirects to the target app.

     

    But we're not ready to make this IDP our default, so users get redirected to the Okta login page, at which point we need a method of logging them in through the 3rd party IDP and getting them back to their target application.
This question is closed.
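
The thread turns on whether RelayState survives the round trip to the IdP. The following is an added example, not part of the thread and not Okta's code: a generic SAML 2.0 HTTP-Redirect exchange in which the SP attaches RelayState to the AuthnRequest, the IdP side reads it back, and the SP picks the post-login landing page, falling back to a default when RelayState is missing or points at a host it does not know. All hostnames, the allowlist and the function names are assumptions made for illustration.

```python
from __future__ import annotations

import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders, not real endpoints.
IDP_SSO_URL = "https://idp.example.test/sso"
DEFAULT_LANDING = "https://sp.example.test/home"
ALLOWED_TARGETS = {"sp.example.test", "app1.example.test"}  # hosts the SP may redirect to


def build_redirect(authn_request_xml: str, relay_state: str | None) -> str:
    """SP side: raw-DEFLATE, base64 and URL-encode the request (HTTP-Redirect binding)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if relay_state:
        params["RelayState"] = relay_state  # opaque to the IdP, echoed back unchanged
    return f"{IDP_SSO_URL}?{urlencode(params)}"


def decode_request(url: str) -> tuple[str, str | None]:
    """IdP side: recover the request XML and the RelayState, if one was sent."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode(), query.get("RelayState", [None])[0]


def landing_after_login(relay_state: str | None) -> str:
    """SP side, after the assertion has been validated: choose the landing page."""
    if not relay_state:
        return DEFAULT_LANDING  # nothing was carried through the flow
    parts = urlsplit(relay_state)
    if parts.scheme == "https" and parts.hostname in ALLOWED_TARGETS:
        return relay_state
    return DEFAULT_LANDING  # unknown target: refuse to act as an open redirect


if __name__ == "__main__":
    xml = '<samlp:AuthnRequest ID="_constructed"/>'  # constructed sample request
    url = build_redirect(xml, "https://app1.example.test/dashboard")
    _, echoed = decode_request(url)
    print(landing_after_login(echoed))  # deep link preserved
    print(landing_after_login(None))    # flow restarted without RelayState
```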