Add a SAML 2.0 IdP
In addition to using Okta as an identity provider (IdP), you can also configure Okta as a service provider (SP). When Okta is used as a service provider, it integrates with an external identity provider using SAML.
Inbound SAML allows you to set up the following scenarios:
- Your users can SSO into apps without needing an Okta password.
- You do not need to set up an Active Directory (AD) agent.
- You can connect to a partner.
- You can federate with another Identity Provider (IdP).
Typical workflow for configuring inbound SAML
| Task | Description |
|---|---|
| Add a SAML Identity Provider | Add a SAML 2.0 IdP and configure its authentication, JIT, and SAML protocol settings. |
| Add metadata for an Identity Provider | Add metadata to an existing IdP and generate its configuration data for the Security Provider. |
| (Optional) Configure Universal Directory mappings | Add or edit attributes and customize the mapping between the IdP and Okta. |
| (Optional) Specify an error page for Identity Provider, SAML or SSO | Redirect users to a custom error page if Okta fails to process the IdP sign-in attempt. |
The System Log provides information about the Inbound SAML events that occur in the system. This information can be useful for debugging your configuration.