How to configure OKTA with SAML 2.0

The following guide will walk you through adding IDEE AuthN as an external SAML 2.0 provider to allow logging in to OKTA and associated applications using IDEE AuthN.

  • Log in to OKTA as an administrator.

  • Make sure "Classic UI" is selected.

  • From the top navigation select Security. In the dropdown menu select Identity Providers.

  • In the Identity Providers tab click on Add Identity Provider. Then select Add SAML 2.0 IdP.

  • Then enter the following (see screenshot at end of step for reference):

    • Name. Enter any value, e.g.:
      IDEE IdP

    • IdP Username. Enter the following:
      idpuser.email

    • Filter. Leave unchecked.

    • Match Against. Select the following:
      Email
      This tells Okta to map the attribute 'email' from IDEE IdP's assertion to the Okta user's email; change this accordingly if necessary.

    • If no match is found: Select "Redirect to Okta sign-in page."

    • IdP Issuer URI. Copy/Paste value from IDEE AuthN portal (IDP Entity ID):
      Get this value from the IDEE AuthN portal

    • IdP Single Sign-On URL. Copy/Paste value from IDEE AuthN portal (SSO Endpoint URL):
      Get this value from the IDEE AuthN portal

    • IdP Signature Certificate. Download from IDEE AuthN portal and upload.
      Get this value from the IDEE AuthN portal and upload

  • In Advanced Settings section, select HTTP Redirect.

  • Click Add Identity Provider.

  • Now IDEE IdP should appear in the list of Identity Providers. Select the arrow near the IdP name to expand the details about it and click Download SAML Metadata.

  • Upload the downloaded metadata on the IDEE AuthN Portal and click save.

  • Now we need to enable IDEE as an IDP for your applications. To do so, switch to the Routing Rules tab (Security > Identity Providers) and click on Add Routing Rule.

  • Choose the conditions under which the IDEE IdP will be used. For testing purposes and as a best practice, we recommend selecting "Any of the following applications" and choosing the applications that use IDEE IdP to sign in.

  • Click Create / Activate Rule.

  • Congratulations. You're done, and users can now use IDEE AuthN to sign in.
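
Before uploading the file from the "Download SAML Metadata" step to the IDEE AuthN Portal, it is worth checking what it declares. The script below is an added example, not code from Okta or IDEE; the function name `review_sp_metadata` is hypothetical and the sample metadata (host names, entityID, certificate body) is constructed with placeholder values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample standing in for the downloaded SP metadata file;
# host names, entityID and certificate body are placeholders.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}"
    entityID="https://sp.example.test/saml2/PLACEHOLDER">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sso/saml2/PLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return (summary, findings) for a SAML 2.0 SP metadata document."""
    # A DTD is not expected in SAML metadata; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if root.tag != f"{{{MD}}}EntityDescriptor" or sp is None:
        raise ValueError("not a SAML 2.0 SP EntityDescriptor")
    acs = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
           for e in sp.findall(f"{{{MD}}}AssertionConsumerService")]
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = [c for kd in sp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use") in (None, "signing")
             for c in kd.iter(f"{{{DS}}}X509Certificate")]
    summary = {"entity_id": root.get("entityID"), "acs": acs,
               "signing_certs": len(certs)}
    findings = []
    if not summary["entity_id"]:
        findings.append("entityID is missing")
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    for binding, location in acs:
        if urlparse(location).scheme != "https":
            findings.append(f"ACS for {binding} is not HTTPS: {location}")
    if sp.get("WantAssertionsSigned") != "true":
        findings.append("WantAssertionsSigned is not true")
    return summary, findings
```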