how to generate Signature Certificate and sp issuer & Single logout url???

User15869522308388393993 (Vendor Management)

Edited June 5, 2020 at 5:21 PM

Thank you for contacting Okta,

The service provider will occasionally require that the assertion contains additional attributes such as first name, last name, department, etc to help identify the user. In such cases, be sure to ask the vendor to provide you with the Attribute Name (i.e. firstName, lastName) and Name Format (Unspecified, URI Reference, and Basic) for each required attribute.

You will also need to provide the vendor/developer with the following information from the Okta application (accessed via the View Setup Instructions button in the application's Sign On tab):

The Identity Provider Single Sign-On URL. The SP may refer to this as the "SSO URL" or "SAML Endpoint." It's the only actual URL Okta provides when configuring a SAML application, so it's safe to say that any field on the Service Provider side that is expecting a URL will need this entered into it.
The Identity Provider Issuer. This is often referred to as the Entity ID or simply "Issuer." The assertion will contain this information, and the SP will use it as verification.
The x.509 Certificate. Some service providers allow you to upload this as file, whereas others require you paste it as text into a field.

Here is a link that you might find helpful, that explains how to set up an custom SAML app, and how to generate Signature Certificate and where to find the SP issuer and the Single logout URL:

https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm

Have an nice day,

Paul Munteanu

Technical Support Engineer

Expand Post

User15869522308388393993 (Vendor Management)
Edited June 5, 2020 at 5:21 PM
Thank you for contacting Okta,

The service provider will occasionally require that the assertion contains additional attributes such as first name, last name, department, etc to help identify the user. In such cases, be sure to ask the vendor to provide you with the Attribute Name (i.e. firstName, lastName) and Name Format (Unspecified, URI Reference, and Basic) for each required attribute.

You will also need to provide the vendor/developer with the following information from the Okta application (accessed via the View Setup Instructions button in the application's Sign On tab):

The Identity Provider Single Sign-On URL. The SP may refer to this as the "SSO URL" or "SAML Endpoint." It's the only actual URL Okta provides when configuring a SAML application, so it's safe to say that any field on the Service Provider side that is expecting a URL will need this entered into it.
The Identity Provider Issuer. This is often referred to as the Entity ID or simply "Issuer." The assertion will contain this information, and the SP will use it as verification.
The x.509 Certificate. Some service providers allow you to upload this as file, whereas others require you paste it as text into a field.

Here is a link that you might find helpful, that explains how to set up an custom SAML app, and how to generate Signature Certificate and where to find the SP issuer and the Single logout URL:
https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm

Have an nice day,

Paul Munteanu
Technical Support Engineer

Expand Post

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies

Your Privacy

Your Privacy

Strictly Necessary Cookies

Strictly Necessary Cookies

Functional Cookies

Functional Cookies

Performance Cookies

Performance Cookies

Share or Sell of Personal Data

Share or Sell of Personal Data

Advertising Cookies