Okta Classic Engine | Single Sign-On | Answered | 2024-04-15T11:30:09.000Z | 2020-06-04T14:11:51.000Z | 2020-06-13T00:21:31.000Z

kag33 (kag33) asked a question.

Device Trust - Can't get it to work

Hi community

 

I've been stuck for several days trying to implement device trust for Android devices with Okta - WSO Access. We have Office365 federated with Okta (SAML). WSO Access is configured as identity provider in Okta and Okta as service provider in WSO Access. In WSO UEM I've set up the integration with WSO Access, and the URL, certificate, API keys and so on have been configured in the Workspace ONE UEM section in WSO Access. I've checked several guides from Okta and VMware to do this, but it doesn't work for me so far.

 

As I said before, my Office365 tenant is federated with Okta via SAML.

 

No matter if the device is managed, that is, enrolled in WSO UEM, or not (Samsung A40), the process is always as follows:

 

- I open a browser on the device and type the URL portal.office.com

- I type my username for Office365 and I'm automatically redirected to Okta

- Since WSO Access is the IdP for Okta, I'm redirected to WSO Access.

- WSO Access tells me that I'm using the Mobile SSO (for Android) authentication method but redirects me again to Okta

- In Okta I can sign in with MFA and get the "invitation" for enrolling my device if I want to access the resource.

 

In the Okta logs I can see the message that the Authentication of Device via SAML IDP has failed (NOT_VERIFIED) and therefore the policy MOBILE-BYOD, which blocks access for untrusted devices, has been applied.

 

In the WSO Access logs I can see the incoming SAML request, but after that I get the event "REDIRECT_DENIED failed". If I open the details for this event I can see in the last line the message "failureMessage" : "Destination provided was a malformed URL".

 

Since all this is relatively new for me, I've not been able so far to find out what the malformed URL refers to, but I suppose this can be the reason for device trust not working.

 

Has any of you had the same problem or have an idea about what's wrong?

 

Thank you and regards
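One way to see which URL a "malformed URL" message could refer to is to decode the SAMLRequest that reaches the IdP and check the URL-bearing attributes of the AuthnRequest. The following is an added example, not part of the original post and not Okta or VMware code. It assumes the message concerns the `Destination` or `AssertionConsumerServiceURL` attribute (SAML 2.0 attribute names), which the thread does not confirm; the function names, hostnames and sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Attributes of <samlp:AuthnRequest> that carry URLs (SAML 2.0 core).
URL_ATTRS = ("Destination", "AssertionConsumerServiceURL")

def decode_saml_request(b64_value):
    """Return the AuthnRequest XML from a URL-decoded SAMLRequest parameter."""
    raw = base64.b64decode(b64_value)
    try:
        return zlib.decompress(raw, -15).decode("utf-8")  # HTTP-Redirect: raw DEFLATE
    except zlib.error:
        return raw.decode("utf-8")                        # HTTP-POST: plain base64

def url_problem(value):
    """Return None for a well-formed absolute http(s) URL, else the reason."""
    if any(ch.isspace() for ch in value):
        return "contains whitespace"
    try:
        parts = urlsplit(value)
    except ValueError as exc:
        return f"unparseable: {exc}"
    if parts.scheme not in ("http", "https"):
        return "missing or non-http(s) scheme"
    if not parts.hostname:
        return "no host"
    return None

def check_authn_request(xml_text):
    """Map each URL attribute to None, 'absent' or a problem (own-tenant captures only)."""
    root = ET.fromstring(xml_text)  # for untrusted XML use a hardened parser (defusedxml)
    return {a: "absent" if root.get(a) is None else url_problem(root.get(a))
            for a in URL_ATTRS}

# Constructed sample: hostnames are placeholders, Destination lacks its scheme.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_c1" '
    'Version="2.0" Destination="access.example.com/placeholder/sso" '
    'AssertionConsumerServiceURL="https://org.example.com/placeholder/acs"/>'
)

def sample_redirect_param():
    deflater = zlib.compressobj(wbits=-15)
    return base64.b64encode(deflater.compress(SAMPLE_XML.encode()) + deflater.flush()).decode()

if __name__ == "__main__":
    for attr, problem in check_authn_request(decode_saml_request(sample_redirect_param())).items():
        print(f"{attr}: {problem or 'ok'}")
```

To run it against a real capture, pass the URL-decoded `SAMLRequest` value from a browser trace of the redirect to `decode_saml_request` in place of the constructed sample.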


  • Hello Rafa,

     

    As it seems, this looks like a new integration for device trust, and for a better understanding of the root cause we recommend that you open a support ticket so we will be able to further troubleshoot the issue that you are encountering.

     

    Thank you,

     

    Marian Ungureanu

    Technical Support Engineer

    Okta Global Customer Care

     

This question is closed.