AndrewZ.07293 (Customer) asked a question.
I've been struggling to understand how to use one app integration for multiple domains using SAML, which in my mind would be the whole point of SSO. Is there a way to specify Requestable SSO URLs for an IDP-initiated login?
I am hitting the Identity Provider Single Sign-On URL, which is something like https://{domain}.okta.com/app/{app}/{app_id}/sso/saml, but I can't find a way to instruct Okta to return to my preferred POST-back url. I configured multiple ACS URLs and need a way to select them dynamically in the request. Does anyone know how to pass AssertionConsumerServiceURL into this request?
For now I have to use one app integration per domain and each app has it's own Single Sign On URL defined for the domain. I don't understand why SP-initiated would have this feature, but IDP initiated not.
Hello @AndrewZ.07293 (Customer)
I hope you are having a great day
Thank you for posting, We have a feature which allows SP-init SAML requests to specify the ACS endpoint used in the SAML 2.0 infrastructure.It is indeed based on an index number. The index number should be provided / specified on the SP-side so that then you can add the exact same number in Okta at the App configuration phase (Step 2. Configure SAML).
you can also learn more about this topic using the following link:
https://help.okta.com/en/prod/Content/Topics/Directory/ad-desktop-sso-main.htm
Have a great day ahead
Regards
Henry E.
Okta Inc