
oyefh (oyefh) asked a question.
Using Okta as a service provider to manage authentication for a single page app. For example, let's say the app is hosted at https://prod-application.com.
Okta account has Okta Identity Engine.
IDP configuration is all working as I'd expect, am able to use third-party Identity Providers (Azure, OneLogin, etc.) to do federated SSO. After a user authenticates through their IDP (IDP-initiated auth), I want them to be automatically directed to the app. Experimentally, I'm seeing that setting the "Relay State" setting over on the IDP to https://prod-application.com achieves this. If the value is left blank, the user gets directed to the Okta dashboard.
Here's the question: let's say that I don't want IDP admins to have to configure Relay State, or at minimum I want to deny SAML requests with a Relay State set to anything other than https://prod-application.com. Is it possible to configure a default/only relay state response in Okta?

Hello @oyefh (oyefh), thank you for reaching out to our Community!
At this time we do not have the ability to Block/Deny access based on RelayState. However, you can add a Feature Request on our Idea section, for a chance that this functionality will be added in the future.
https://support.okta.com/help/s/ideas
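
As an added example (not part of the thread, and not an Okta feature): for a service provider or proxy whose ACS endpoint you operate yourself, the default-or-deny RelayState rule asked about above could be enforced as below. `resolveRelayState`, the constants and the sample inputs are constructed for illustration; the allowed origin is the question's example URL.

```javascript
// Assumption: this runs where the SAML response's RelayState form field is
// received, on an endpoint you control. Names here are hypothetical.
const ALLOWED_ORIGIN = "https://prod-application.com";
const DEFAULT_TARGET = "https://prod-application.com/";

function resolveRelayState(relayState) {
  // Missing or blank RelayState: use the single permitted target, so IdP
  // admins never need to configure one.
  if (relayState == null || (typeof relayState === "string" && relayState.trim() === "")) {
    return { allow: true, target: DEFAULT_TARGET, reason: "default" };
  }
  if (typeof relayState !== "string") {
    return { allow: false, target: null, reason: "not-a-string" };
  }
  let url;
  try {
    url = new URL(relayState); // absolute URLs only; "//host" or "/path" throw
  } catch {
    return { allow: false, target: null, reason: "not-absolute-url" };
  }
  // Compare the parsed origin (scheme + host + port), never a string prefix:
  // "https://prod-application.com.attacker.example" starts with the allowed text.
  if (url.origin !== ALLOWED_ORIGIN) {
    return { allow: false, target: null, reason: "origin-mismatch" };
  }
  // Refuse credentials embedded in an otherwise valid URL.
  if (url.username !== "" || url.password !== "") {
    return { allow: false, target: null, reason: "userinfo-present" };
  }
  return { allow: true, target: url.href, reason: "allowlisted" };
}

// Constructed sample values, not taken from any real IdP.
const samples = [
  "",
  "https://prod-application.com",
  "https://prod-application.com/reports?tab=1",
  "http://prod-application.com/",
  "https://prod-application.com.attacker.example/",
  "https://prod-application.com@attacker.example/",
  "https://user:pw@prod-application.com/",
  "//attacker.example/",
  "https://prod-application.com:8443/",
];
for (const s of samples) {
  const r = resolveRelayState(s);
  console.log(JSON.stringify(s), "->", r.allow ? r.target : "DENY (" + r.reason + ")");
}
```
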