How do I find app-location?


#1

I am trying to create the URL in the documentation here:
https://developer.okta.com/docs/api/resources/idps#redirecting-with-saml-deep-links

… but it always returns Okta 404. The only thing that I am unsure about is the app-location parameter.
I have tried:

…/app/{app ID }/…
…/app/home/oidc_client/{ app ID }/…
…/app/home/{ app ID }/…
…/app/oidc_client/{ app ID }/…
…/app/oidc_client/instance/{ app ID }/…

and I will keep on trying more combinations. But is there anywhere I can just get it?


#2

I ended using this URL:

https:// { Okta Domain } .okta-emea.com/sso/saml2/ { Idp ID } /home/oidc_client/ { App ID} / { Some other ID }

It doesnt answer my question, but it solved my issue.
It is also a bit different from the URL in the docs, so I dont know if I have solved it using a different method.
“Some other ID” is an ID that is added when I check the Embed Link on the App settings. Im not really sure what it is, but probably something obvious I have missed.


#3

could you explain what the {some other ID} is

I don’t see it in the url description:
https://{myOktaDomain}.com/sso/saml2/:idpId/app/:app-location/:appId/sso/saml?RelayState=:anyUrlEncodedValue


#4

Here’s what I figured out.

Start with your IDP’s Assertion Consumer Service URL, that’s actually the same as https://{myOktaDomain}.com/sso/saml2/:idpId

Then in the okta admin go to the app you want to deep link to and go to it’s general tab. Look for the app embed link. It’ll look something like https://example.okta.com/home/oidc_client/0asdfkns8fds8/sdfaisd8fhsdf89hsdf

Take off the domain, so in this example you’d have /home/oidc_client/0asdfkns8fds8/sdfaisd8fhsdf89hsdf.

Finally combine the two, so in this case you’d have something like (of course replace the {myOktaDomain} and :idpId appropriately):
https://{myOktaDomain}.com/sso/saml2/:idpId/home/oidc_client/0asdfkns8fds8/sdfaisd8fhsdf89hsdf

Note that there is no /app as the deep linking docs suggest.

This should then give you a link that initially goes to the IDP for login, and then redirects to the app on successful authentication.


#5

Thanks allot Josh…