Add a SAML 2.0 IdP

In addition to using Okta as an identity provider (IdP), you can also configure Okta as a service provider (SP). When Okta is used as a service provider, it integrates with an external Identity Provider using SAML.

Inbound SAML allows you to set up the following scenarios:

  • Your users can SSO into apps without needing an Okta password.
  • You do not need to set up an Active Directory (AD) agent.
  • You can connect to a partner.
  • You can federate with another Identity Provider (IdP).

Typical workflow for configuring inbound SAML

| Task | Description |
| --- | --- |
| Add a SAML Identity Provider | Add a SAML 2.0 IdP and configure its authentication, JIT, and SAML protocol settings. |
| Add metadata for an Identity Provider | Add metadata to an existing IdP and generate its configuration data for the Security Provider. |
| (Optional) Configure Universal Directory mappings | Add or edit attributes and customize the mapping between the IdP and Okta. |
| (Optional) Specify an error page for Identity Provider, SAML, or SSO | Redirect users to a custom error page if Okta fails to process the IdP sign-in attempt. |

The System Log provides information about the Inbound SAML events that occur in the system. This information can be useful for debugging your configuration.

Related topics

Customization options for inbound SAML