<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y00008FM12LSATOkta Classic EngineSingle Sign-OnAnswered2020-04-21T14:38:18.000Z2020-04-14T11:47:20.000Z2020-04-21T14:38:18.000Z

PierreR.38503 (Customer) asked a question.

April 14, 2020 at 11:47 AM
Where can I find SSO Url and Audience URI as a tenant admin?

Hi,

 

here's my following setup, I have 2 Okta tenants:

  • Okta Tenant A (identity provider)
  • Okta Tenant B (service provider)

I would like to create an Okta application in Tenant B that supports SSO for users in Tenant A through SAML.

 

The setup in Tenant A seems straightforward:

Classic UI > Applications > Create a New Application Integration > Web SAML 2.0

The form request the following fields:

  • Single sign on URL 
  • Audience URI (SP Entity ID) 

Both of those values should come from the service provider (Okta application in Tenant B) but I can't seem to find in which admin page they are displayed in Tenant B.

 

Moreover, do I need to create the Okta application in Tenant B in a specific way to allow SAML assertions ?

 

Thanks for your help.

 

Kind regards,

  • 2 answers
  • 7.39K views

  • PierreR.38503 (Customer)

    Hi Alexandru,

     

    thank you for your reply. The Org2Org app comes with a few functionalities that I do not seek to use, which is why I prefer using a bare-bone SAML application.

     

    I did find the answer to my question in the meantime. I'll share it here to be visible to the community:

    • In Okta Tenant A (idp), navigate to applications, create a SAML app with placeholder values for Single sign on URL and Audience URI (SP Entity ID). Once created, click on the metadata link or setup instructions, and:
      • download the certificate
      • copy Identity Provider Single Sign-On URL
      • copy Identity Provider Issuer
    • In Okta Tenant B (sp), navigate to identity providers, create an SAML identity providers, fill in the following fields using the previously saved values:
      • IdP Signature Certificate
      • dP Single Sign-On URL
      • IdP Issuer URI

    Once created, copy the following generated properties: Single sign on URL and Audience URI.

    • In Okta Tenant A (idp), navigate to the newly created SAML app and correct the two placeholder values with the aforementioned properties
    Expand Post
    Selected as Best

  • PierreR.38503 (Customer)

    Hi Alexandru,

     

    thank you for your reply. The Org2Org app comes with a few functionalities that I do not seek to use, which is why I prefer using a bare-bone SAML application.

     

    I did find the answer to my question in the meantime. I'll share it here to be visible to the community:

    • In Okta Tenant A (idp), navigate to applications, create a SAML app with placeholder values for Single sign on URL and Audience URI (SP Entity ID). Once created, click on the metadata link or setup instructions, and:
      • download the certificate
      • copy Identity Provider Single Sign-On URL
      • copy Identity Provider Issuer
    • In Okta Tenant B (sp), navigate to identity providers, create an SAML identity providers, fill in the following fields using the previously saved values:
      • IdP Signature Certificate
      • dP Single Sign-On URL
      • IdP Issuer URI

    Once created, copy the following generated properties: Single sign on URL and Audience URI.

    • In Okta Tenant A (idp), navigate to the newly created SAML app and correct the two placeholder values with the aforementioned properties
    Expand Post
    Selected as Best
This question is closed.
Loading
Where can I find SSO Url and Audience URI as a tenant admin?