Add a SAML 2.0 IdP

In addition to using Okta as an identity provider (IdP), you can also configure Okta as a service provider (SP). When Okta is used as a service provider it integrates with an external Identity Provider using SAML.

Inbound SAML allows you to set up the following scenarios.

  • Your users can SSO into apps without needing an Okta password.
  • You do not need to set up an Active Directory (AD) agent.
  • You can connect to a partner.
  • You can federate with another Identity Provider (IdP).

Typical workflow for configuring inbound SAML

Task

Description

Add a SAML Identity Provider Add a SAML 2.0 IdP and configure its authentication, JIT, and SAML protocol settings.
Add metadata for an Identity Provider Add metadata to an existing IdP and generate its configuration data for the Security Provider.
(Optional) Configure Universal Directory mappings Add or edit attributes and customize the mapping between the IdP and Okta.
(Optional) Specify an error page Redirect users to a custom error page if Okta fails to process the IdP sign-in attempt.

The System Log provides information about the Inbound SAML events that occur in the system. This information can be useful for debugging your configuration.

Related topic

Customization options for inbound SAML