
msmithB.44724 (Customer) asked a question.
Similar to this question, https://support.okta.com/help/s/question/0D50Z00008G7UdK/inbound-saml-metadata-url?language=en_US, we want to automate the delivery of the metadata file to our inbound SSO clients. We don't want to give them admin accounts to our Okta instance obviously, but is there a way that we could programmatically download the metadata file? We could then put it in a place accessible to the client ourselves.

Hi Mathew!
Cosmin here with Okta Support.
Since only applications support previewing metadata (https://developer.okta.com/docs/reference/api/apps/#preview-saml-metadata-for-application - https://developer.okta.com/docs/reference/api/apps/#list-key-credentials-for-application), getting IdP metadata directly through the API is going to require a workaround by running two separate calls to retrieve the audience, issuer and key ID (https://developer.okta.com/docs/reference/api/idps/#find-identity-providers-by-name). You can later retrieve the certificate by calling /api/v1/idps/<ID>/credentials/keys (https://developer.okta.com/docs/reference/api/idps/#identity-provider-key-credential-object).
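The workaround described in the answer above, sketched as an added example (not part of the original thread and not Okta's code): find the IdP by name, fetch its keys, and assemble a metadata file that can be published without giving the client an admin account. Assumptions: the JSON field names (`protocol.credentials.trust`, `_links.acs.href`, `x5c`) follow the IdP and key credential objects in the linked docs, the trust `kid` identifies an entry in the key list, and the helper names and sample data are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

def okta_get(org_url, path, token):
    """GET an Okta API path; prefer a token issued to a read-only administrator."""
    req = urllib.request.Request(org_url.rstrip("/") + path, headers={
        "Authorization": "SSWS " + token, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def build_sp_metadata(idp, keys):
    """Build metadata XML from one IdP object and its key credential list."""
    trust = idp["protocol"]["credentials"]["trust"]  # assumed field layout
    key = next((k for k in keys if k.get("kid") == trust["kid"]), None)
    if key is None or not key.get("x5c"):
        raise LookupError("no certificate found for kid " + trust["kid"])
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=trust["audience"])
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor",
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", use="signing")
    x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = key["x5c"][0]
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        Location=idp["_links"]["acs"]["href"], index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")

def export_metadata(org_url, token, idp_name):
    """The two calls from the answer: find the IdP by name, then fetch its keys."""
    idps = okta_get(org_url, "/api/v1/idps?q=" + urllib.parse.quote(idp_name), token)
    idp = next(i for i in idps if i["name"] == idp_name)
    keys = okta_get(org_url, f"/api/v1/idps/{idp['id']}/credentials/keys", token)
    return build_sp_metadata(idp, keys)

# Constructed sample responses (not real Okta data) so the builder runs offline.
SAMPLE_IDP = {
    "id": "0oaEXAMPLE", "name": "Client IdP",
    "protocol": {"credentials": {"trust": {"issuer": "https://idp.example.com",
        "audience": "https://www.okta.com/saml2/service-provider/spEXAMPLE",
        "kid": "kid-example-1"}}},
    "_links": {"acs": {"href": "https://example.okta.com/sso/saml2/0oaEXAMPLE"}},
}
SAMPLE_KEYS = [{"kid": "kid-example-1", "x5c": ["MIICconstructedBase64Placeholder"]}]
```

The metadata carries only the public certificate and endpoint URLs, so the generated file can be hosted wherever the client can reach it while the API token stays on the export host.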