OK. I'll have to dig into reserves here. SAML is a front end ( browser / client ) side protocol. It relies on being able to redirect the client across the IdP and SP, carrying a parameter which is either the SAML request or the SAML response to the party that's interested.

So can you do that without a browser ? No.

I'm guessing from your question that your application only supports SAML at a given endpoint to authenticate the user ? Or do you have some flexibility there to authenticate using other mechanisms ?

Hi, @User165962405017476792 (Customer)​ 

Thank you for posting on our Community page!

I did some research and found one of my colleagues answered to you here:

https://support.okta.com/help/s/question/0D54z000099qDdYCAU/how-to-authenticate-with-saml-based-application-using-api-call?language=en_US

As stated, this is an Early Access feature only for Classic Engine for which you should get in contact with your Account Executive. 

Please also take a look here for more info on stateToken:

https://developer.okta.com/docs/reference/api/authn/#get-transaction-state

https://devforum.okta.com/t/how-to-get-statetoken/11896

Thank you for reaching out to our Community and have a great day!

_____________________________________________________________________________

Community members help others by clicking Like or Select as Best on responses. Try it today.

_____________________________________________________________________________