0D50Z00008OMiULSA1 | Okta Classic Engine | Single Sign-On | Answered | 2018-10-08T08:37:50.000Z | 2018-10-02T11:23:07.000Z | 2018-10-08T08:37:50.000Z
How to handle multi-tenancy when setting up a SAML app

Hello,

 

I am looking to integrate an app for SSO using SAML. I can currently successfully log a hardcoded tenant through using SSO locations such as:

 

http://localhost/okta/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/exampleone

http://localhost/okta/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/exampletwo

http://localhost/okta/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/examplethree

 

Where the value after saml2-acs.php is the authentication source used to identify the user's organisation. However, when configuring other apps already set up from other vendors, this input doesn't appear to be available to be changed, so this method doesn't appear to be available to use in production.

 

Other vendors appear to have a subdomain option in their app setups; however, I can't find a way to enable this in our development one using the SAML app wizard, nor find any resources that cover multi-tenancy when setting up an Okta app.

 

Currently, the method I have found, which appears to be configurable in a production environment, is using the RelayState to pass the organisation identifier.

 

Are you able to provide any advice on how to configure an app to allow for some sort of identification of the organisation that would work in production, or to suggest any resources that might help with this?

 

Any help in this matter is greatly appreciated.
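
Both approaches described in the question (the path segment after saml2-acs.php and an organisation identifier in RelayState) give the service provider a tenant hint that the request sender controls, so the hint has to be bound to the Issuer of the validated response before a session is created. The following is an added example, not code from this thread, Okta or SimpleSAMLphp; the `TENANTS` registry, the issuer URLs and the function names are assumptions, and `verified_issuer` is assumed to come from the SAML library after signature validation.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Path prefix taken from the ACS URLs in the question.
ACS_PREFIX = "/okta/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/"

@dataclass(frozen=True)
class Tenant:
    name: str
    idp_issuer: str  # entityID of the one IdP allowed to assert for this tenant

# Constructed registry (assumption): issuer values are placeholders.
TENANTS = {
    "exampleone": Tenant("exampleone", "https://idp.example/one"),
    "exampletwo": Tenant("exampletwo", "https://idp.example/two"),
}

class TenantError(Exception):
    """The tenant hint is unknown or does not match the asserting IdP."""

def hint_from_acs(acs_url: str) -> str:
    """Return the authentication-source segment that follows saml2-acs.php."""
    path = urlparse(acs_url).path
    if not path.startswith(ACS_PREFIX):
        raise TenantError("not an ACS endpoint")
    return path[len(ACS_PREFIX):]

def resolve_tenant(hint: str, verified_issuer: str) -> Tenant:
    """Bind an untrusted tenant hint (ACS path segment or RelayState) to the
    Issuer of a response whose signature the SAML library already validated."""
    tenant = TENANTS.get(hint)  # exact match: rejects "", "a/b", unknown names
    if tenant is None:
        raise TenantError("unknown tenant")
    if verified_issuer != tenant.idp_issuer:
        # Valid assertion, but from another organisation's IdP.
        raise TenantError("issuer is not this tenant's IdP")
    return tenant

def is_accepted(hint: str, verified_issuer: str) -> bool:
    """Convenience wrapper: True only when hint and issuer agree."""
    try:
        resolve_tenant(hint, verified_issuer)
        return True
    except TenantError:
        return False
```

The same `resolve_tenant` call serves a shared ACS URL where the hint arrives in RelayState, since RelayState is not covered by the assertion signature.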


  • Hi Luke,

     

     

    My name is Silviu and I am a Technical Support Engineer (Tier II) at Okta.

    In regard to the details you just presented above, I can recommend something even better suited for you. There are things a normal Template / Custom App Integration cannot support - as designed.

    Still, we have a website available for you here:

    https://oinmanager.okta.com/

    => from which, if you submit the app for review, our Product Team will contact you directly to tell if this is possible or not. They can integrate your app in the OIN, make it Private for your tenants only or Public-facing and fulfill many different custom configurations.

    Please reach out to them on the aforementioned link and let them know what you are trying to accomplish.

     

    Wish you all the best in your work, Luke!

     

     

    Thank You,

    Silviu Muraru

    Technical Support Engineer | Okta Inc.

    Selected as Best
  • mike.davie1.5312945692819849E12 (Customer First Programs)

    Hello Luke,

     

    Thanks for posting your inquiry in Okta Community Portal.

     

    If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."

     

    Thank you,

    Mike Davie

    Okta Help Center

This question is closed.