ig08m (ig08m) asked a question.
We have SAML setup for an external application that applies to all employees. With this same application there is a separate URL that a small subset of users will be assigned.
This external application cannot be configured to use a second certificate for SAML.
Is there a way to create a second application within Okta that uses the same certificate or other ideas on how to work with this scenario?
Hi Kirk,
This can be achieved using a 'Bookmark App' from the catalog, using the SSO request URI of your initial SAML app. You essentially use it to reference the master SAML app, and append a RelayState in there to get you into the location in your app.
For example, in my lab, I have Salesforce set up, and I want to deep link into another section. For this app, I would use the following URL (I get the Request URI (with saml/sso) from the logs following a user login).
This URL is slightly different to the app embed URL, if you click 'View Logs' on your main app, and find a successful login, you should see this.
Once you add the relay state you want, this takes me to a specific place within Salesforce once I've logged in. This may be dependant on your end application if this is supported I believe.
Make sure you name the Bookmark App chiclet properly and add the image in there, you can then assign it to the specific users who need it. You'll need to make sure the 'master' SAML app is assigned as well.
You can also test this URL outside of the bookmark app manually directly in browser, to make sure it's all working before you add it in Okta.
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
We use cookies to provide the best website experience and to help understand marketing efforts. We may also share data with ad partners to reach potential customers across the web. To learn more, visit our Privacy Policy. Click here for Your Privacy Choices. You may also opt out of this sharing by signaling your preference via GPC, applicable only to the browser signaling the opt-out.
More information
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Select All
May Okta Community Buzz
Stay ahead of the curve with Okta for AI Agents, new Okta Learning live sessions and labs, shout-outs, and top trending topics—all aimed at enriching your Okta journey.
Hi Kirk,
This can be achieved using a 'Bookmark App' from the catalog, using the SSO request URI of your initial SAML app. You essentially use it to reference the master SAML app, and append a RelayState in there to get you into the location in your app.
For example, in my lab, I have Salesforce set up, and I want to deep link into another section. For this app, I would use the following URL (I get the Request URI (with saml/sso) from the logs following a user login).
https://tenant.okta.com/app/salesforce/exk640xyad573onzF696/sso/saml?RelayState=/lightning/o/User/list?filterName=Recent
This URL is slightly different to the app embed URL, if you click 'View Logs' on your main app, and find a successful login, you should see this.
Once you add the relay state you want, this takes me to a specific place within Salesforce once I've logged in. This may be dependant on your end application if this is supported I believe.
Make sure you name the Bookmark App chiclet properly and add the image in there, you can then assign it to the specific users who need it. You'll need to make sure the 'master' SAML app is assigned as well.
You can also test this URL outside of the bookmark app manually directly in browser, to make sure it's all working before you add it in Okta.