Find Client ID and Secret for SAML Web App

Where can I find my client and secret? I have created a Web App using SAML 2.0 and want to retrieve the client id and secret to grab a refresh token from the /authorize endpoint. I followed the steps in this article but when I navigate to the General page as an administrator, there is no Client Credentials section. I made sure to log in with the adminstrator account as well.

Try creating the application type as “OpenID Connect” instead of SAML (when creating the application in your Okta Admin console).

Let us know if you are still stuck!

@ec_codes What’s your application? Are you building for SAML specifically, or just need to integrate Okta + your app?

Any more information you can provide will help us get even more answers for you.

I am building for SAML specifically and would like to use Okta to bridge as the SSO app between one organization to my mobile app. I want to ensure that a user’s session in Okta is still valid even after the validation step and after reading docs, I believe implementing a refresh token is the correct method for doing this unless I am mistaken. An example of this scenario is after a user is logged in, perhaps they change their password in Okta. I’d imagine this would invalidate their refresh token and in my mobile app, upon validating with the refresh token, I would have to log them out.

I am building for SAML specifically so I can’t do this

We are trying to do the same thing but seems like crickets from support team on this topic.

Are there any plans to integrate API authorization server with SAML apps?

Hi, just to update all, it seems they do not currently support this. After a phone call with support, SAML apps do not have this capability so you will have to work around this by manually configuring your own logouts within your app - not with Okta