<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VPnSANOkta Classic EngineIntegrationsAnswered2024-04-15T09:54:48.000Z2017-07-31T22:07:08.000Z2021-02-03T15:33:24.000Z

VikramG.43186 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
multiple identity providers for a single app
I would like to write an app ("appX") with following properties: 
  • my app will have admins and users
  • admins who sign up with my app can configure a SAML IdP to use (we will use Okta API's to create IdP configurations?) to authenticate their users (non-admins) for the same app ("appX")
  • this app ("appX") will be a SAML SP and Okta will be the IdP (requires creating an Okta app and configuring SAML?)
  • Okta will then be an SP for a configured IdP (ie. appX sends the user to Okta to login and Okta sends the user to an Idp to login)
  • once the user logs in on their Idp, the Idp sends a SAML Response to Okta functioning as an SP...now how does Okta send a SAML Response to my app? 
 Note will will have 100's or 1000's of IdP's configured in Okta in the future (via APIs). Any users provisioned this way should be assigned to this app. Basically we want ANY SAML customers to be able to login to our app using their own credentials.
  • 3 answers
  • 2.98K views

  • silviu.muraru1.494609885910873E12 (Okta, Inc.)

    Hi, Vikram!

     

    If you would like to integrate your own App. to Okta you should go into your Okta tenant to the Admin Console and from there follow this path: 

     

    Applications -> Create New App -> SAML 2.0 -> {{complete with info}} -> Next -> {{complete with info}} -> Next -> Check "I'm a software vendor. I'd like to integrate my app with Okta" and then "Yes, my app integration is ready for public use in the Okta Application Network" -> Then describe the SAML integration and let Okta test it.

    So this is about integrating your App into the OAN (Okta Application Network) if this is the use-case.

     

    Regarding the second part of your message, that kind of configuration is similar to an inbound SAML infrastructure where Okta can be indeed SP even for another Okta tenant who might be IDP. Let me link some documenation regarding this.

     

    https://support.okta.com/help/Documentation/Knowledge_Article/40561903-Configuring-Inbound-SAML

     

    If the use-case has been misunderstood or you need to find more information / want to even have a screensharing session and test different configurations with our team I would strongly advise you to open a ticket with us. We would have multiple ways to help in that scenario.

     

    Wish you all the best in your work!

     

    Thank you,

     

    Silviu Muraru

    Technical Support Engineer | Okta

    Expand Post

  • VikramG.43186 (Customer)

    Inbound SAML sounds like the right solutions. A few questions about that:

    Since we will have multiple Inbound SAML configurations, my app will decide which Idp to send the particular user to. How do I initiate authentication to a particular Idp? And after that Idp authenticates, how does the user return to my app in a logged in state (SAMLResponse)? 

     

    The Inboud SAML feature is not visible in my preview sandbox; is it a paid account only feature?
    Expand Post

  • s0n8i (s0n8i)

    My project has a similar use case now. Do we have this support from Okta?

This question is closed.
Loading
multiple identity providers for a single app