Getting 400 error while performing SSO to Okta application from Azure AD

Hi All,

I am facing an issue while trying to achieve the Azure AD - Okta federation use case.
Describing it further:

  1. I have created an Okta application in Azure AD.
  2. Configured the application and updated the metadata which is created in Okta for Azure SAML authentication.
  3. While I am testing the application from Azure AD, I am getting a 400 error (Your request resulted in an error. Error Code: GENERAL_NONSUCCESS).
  4. I have tried to configure Provisioning as Automatic in the Okta application created in Azure, but I am getting an invalid credentials error for a valid tenant URL and security token which was created by a super admin user.

Can anyone please help here to achieve this setup?
I have tried populating various user mappings but with no luck. Am I missing something here?

This is the message I received from Azure AD: "Azure AD successfully issued a token (SAML response) to the application (service provider). If you still can’t access the application you need to contact the software vendor and share the information below." I also received the SAML request and response, but I am not finding any error there.

Thanks,
Dinesh

Hi there, did you fix your issue? I’m having the same issue and don’t know what to do. Thanks for your help.

Not encouraging to have this issue… I found a post where two people have had it but no suggestions for resolving it. Wondering if either of you remember how it was resolved in your environment? 🤞

@BTL512 Please review the following articles about this issue:
https://support.okta.com/help/s/article/Making-Azure-AD-as-an-identity-provider-returns-400-general-non-success-error?language=en_US
This can also be caused by issues with profile mappings, so ensure those are configured correctly as well: Map Azure Active Directory attributes to Okta attributes | Okta

If you are still seeing this issue, please open a Support case for 1:1 assistance.

This is why I was getting the 400 error.
In Azure Active Directory admin center → Enterprise applications → Okta (or whatever you named it) → Single sign-on → (Section 1) Basic SAML Configuration
When I created the Entity ID, Microsoft had auto-populated a generic entry, and even though I had marked the www.okta.com/saml2… entry as the default, that “stray” entry was causing my 400 error. I deleted that extra entry and boom, it took me to my Okta desktop.
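An added diagnostic for the situation described in this thread (it is not part of the thread and not Okta's or Microsoft's tooling): it parses the SAML response Azure AD shows in its test pane, or the base64 SAMLResponse value captured from the browser POST, and reports whether the Issuer, Audience and Destination the IdP actually sent match what the Okta side was configured with. The sample response and the EXPECTED values are constructed, with placeholder tenant and app identifiers.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample in the shape Azure AD issues; signature omitted.
# Tenant and app identifiers are placeholders, not real values.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://example.okta.com/sso/saml2/APP-ID-PLACEHOLDER">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>http://www.okta.com/APP-ID-PLACEHOLDER</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Assumed values the Okta side was configured with (placeholders matching the sample).
EXPECTED = {"issuer": "https://sts.windows.net/TENANT-ID-PLACEHOLDER/",
            "audience": "http://www.okta.com/APP-ID-PLACEHOLDER",
            "destination": "https://example.okta.com/sso/saml2/APP-ID-PLACEHOLDER"}

def load_response(text):
    """Accept raw XML or the base64 SAMLResponse form value from a captured POST."""
    text = text.strip()
    return text if text.startswith("<") else base64.b64decode(text).decode("utf-8")

def check_saml_response(text, expected):
    """Return {check: (passed, observed)} comparing what the IdP sent with what
    the SP expects: both Issuers vs the IdP issuer Okta was given, Audience vs
    Okta's SP entity ID, Destination vs the ACS URL."""
    root = ET.fromstring(load_response(text))
    observed = {
        "response_issuer": root.findtext("saml:Issuer", namespaces=NS),
        "assertion_issuer": root.findtext("saml:Assertion/saml:Issuer", namespaces=NS),
        "audience": root.findtext(".//saml:Audience", namespaces=NS),
        "destination": root.get("Destination"),
    }
    want = {"response_issuer": expected["issuer"], "assertion_issuer": expected["issuer"],
            "audience": expected["audience"], "destination": expected["destination"]}
    return {k: (observed[k] == want[k], observed[k]) for k in observed}

def failing_checks(results):
    """Names of the checks that did not match, for a quick report."""
    return [name for name, (ok, _) in results.items() if not ok]
```

A non-empty list from failing_checks names the identifier to compare against the Entity ID / Reply URL entries in Azure's Basic SAML Configuration and the IdP settings in Okta.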
