Okta Classic Engine / Integrations. Asked 2021-08-14; answered 2021-08-17.

ScottO.44841 (Customer) asked a question.

Azure AD Integration

Hello. Trying to integrate Azure AD with Okta.

Followed instructions beginning here:

https://help.okta.com/en/prod/Content/Topics/Provisioning/azure/azure-integrate-main.htm

Only part I was unsure of was with the "External name" when mapping attributes:

https://help.okta.com/en/prod/Content/Topics/Provisioning/azure/azure-map-attributes.htm

I used the example in the instructions. Thus unsure if correct, as the instructions call this an "example".

Receiving the "400 General non_success" error, thus followed instructions here:

https://support.okta.com/help/s/article/Making-Azure-AD-as-an-identity-provider-returns-400-general-non-success-error?language=en_US

However, logs in Okta also showing:

Authenticate user via IDP

failure: Unable to validate incoming SAML Assertion

Expanding I am also seeing:

The Identity Provider specified Conditions, but did not designate us as the target for these conditions. Found "{0}", expected "{1}"

Instructions here do not seem to make sense:

https://support.okta.com/help/s/question/0D50Z00008S3VHZ/error-with-inbound-saml-assertion-from-idp?language=en_US

Thanks in advance
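The "did not designate us as the target for these conditions" message is what an SP reports when the assertion's Conditions/AudienceRestriction names an Audience other than the SP's own entity ID. The following is an added example (not Okta's or Microsoft's code) of the Conditions checks an SP performs after signature verification; the assertion, tenant ID, application ID and expected audience are all constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# SAML 2.0 assertion namespace used for every lookup below
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not a real Azure AD response): the IdP restricted the
# assertion to an Audience that is not the Okta SP entity ID.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.windows.net/CONSTRUCTED-TENANT-ID/</saml:Issuer>
  <saml:Conditions NotBefore="2021-08-14T14:00:00Z" NotOnOrAfter="2021-08-14T15:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>spn:CONSTRUCTED-APP-ID</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

# Hypothetical entity ID of the Okta side of the trust (an assumption)
EXPECTED_AUDIENCE = "https://www.okta.com/saml2/service-provider/CONSTRUCTED"

def _saml_time(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unparseable SAML timestamp: {value!r}")

def check_conditions(assertion_xml, expected_audience, now):
    """Return (ok, reason) for the <Conditions> checks an SP enforces (signature already verified)."""
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return True, "no Conditions element: nothing to enforce"
    # Validity window: NotBefore is inclusive, NotOnOrAfter is exclusive
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now < _saml_time(nb):
        return False, f"assertion not yet valid (NotBefore {nb})"
    if noa and now >= _saml_time(noa):
        return False, f"assertion expired (NotOnOrAfter {noa})"
    # Audience restriction: if present, the SP must be named or the assertion is not for us
    audiences = [a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if cond.find("saml:AudienceRestriction", NS) is not None and expected_audience not in audiences:
        found = audiences[0] if audiences else "<none>"
        return False, f'Found "{found}", expected "{expected_audience}"'
    return True, "Conditions satisfied"
```

On the sample the check fails with the same Found/expected shape as the Okta log line; fixing it means making the IdP's Audience and the SP's configured entity ID agree.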


  • emilian.aldea (Okta, Inc.)

    Hi Scott, how's it going!

    Emilian here with Okta Support, thanks for reaching out!

    This situation would require a little bit more data, specifically delving into the Syslog and capturing a SAML assertion in order to identify what information's missing from the SAML handshake.

    Moving forward, I would kindly ask you to open up a support ticket from under the support page -> Me dropdown menu -> My cases. This process will have the ticket assigned to one of our Engineers who will further assist you with the issue.

    It is recommended that we address this matter over a support case as the information we require for troubleshooting is sensitive and should be kept private :).

    When submitting the ticket it would give us a head start if you can provide us with the user you've attempted the authentication with, an approximate time frame for the authentication event, your Okta subdomain and, if possible, a SAML trace (I honestly prefer using the SAML Tracer extension (for Chrome) or add-on (for Firefox) as it allows you to export the information) and support access to your org (Settings -> Account -> Give access to Okta Support -> Enable).

    Also please be sure to specify in the ticket that you went through the aforementioned steps, in order to proactively avoid any back-and-forth with the Engineer. You may as well reference this community question, in order to make things easier and not have to repeat yourself.

    At a first glance, I would say that it's either something missing from the SAML assertion or a mismatch between the endpoint configuration, but don't take my word for granted.

    Hope to hear back from you soon!

    Kind Regards,

    Emilian Aldea

    Technical Support Engineer (CGS)

    Okta Global Customer Care

    • ScottO.44841 (Customer)

      Emilian

      Appreciate the response. This was likely user / configurator error and inability to recognize that I missed a step.

      I retraced all steps and "tweaked" a couple of things on the ADDS side and all working now.

      Thank you!

      Scott A Oleson

      • emilian.aldea (Okta, Inc.)

        Nice!

        Happy you got it figured out Scott!

        Please do reach out to us anytime you encounter any difficulties. Have a good one!

        Emilian Aldea

        Technical Support Engineer (CGS)

        Okta Global Customer Care

This question is closed.