How to set up a vendor's external SAML IdP to work with our OIDC application?

I have set up a SAML IdP in the security tab and I have set up my OIDC app in Okta, but I am not sure how to get them to work together. Are any of you aware of any documentation that talks through this?

Basically I am hoping to get something like this working:
Customer goes to MyApp and then, based on the subdomain of the URL, they get redirected to their SAML IdP for authentication. Once authenticated, I want Okta to send them to MyApp with a valid JWT so that I can allow them into MyApp. My app currently supports the OIDC auth code flow but does not support SAML.

All user management is done inside MyApp. Okta does not manage our users; I simply want to use Okta to handle the authentication and then, if possible, sign the user into MyApp (which already works with OIDC).

Any thoughts on how I should approach this?

Sounds like you might want to check out the SAML assertion flow.

That looks promising. I will read through it. Thank you!

@tyty Will this still work if Okta is not managing my users?

You can also try crafting an IdP SSO URL that looks something like this, if you're trying to route these users to a SAML IdP AND then into your OIDC application:

Take the SAML IdP's SSO URL, `https://org.okta.com/app/.../sso/saml`, and then append `?RelayState={{OIDCAppEmbedLink}}` to the end so that users are redirected to the OIDC application via its app embed link.

Note that your OIDC app would need to be updated to allow "Login initiated by Either Okta or App" in order to have an App Embed Link. More details about how to do that here.

1 Like
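As an added illustration of the routing described in this thread (example code, not from the thread or from Okta): a subdomain lookup that picks the customer's SAML IdP SSO URL, appends the OIDC app embed link as a percent-encoded `RelayState`, and accepts an incoming `RelayState` only when it points back at the org's own Okta host. The org host, IdP paths, embed link and the `myapp.example` app domain are constructed placeholders.

```python
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values; real IdP ids and embed links come from the Okta admin console.
OKTA_ORG_HOST = "org.okta.com"
ROUTING_TABLE = {
    # customer subdomain of MyApp -> that customer's SAML IdP SSO URL in Okta
    "acme": "https://org.okta.com/app/acme_saml_idp/exkPLACEHOLDER1/sso/saml",
    "globex": "https://org.okta.com/app/globex_saml_idp/exkPLACEHOLDER2/sso/saml",
}
OIDC_APP_EMBED_LINK = "https://org.okta.com/home/oidc_client/0oaPLACEHOLDER/alnPLACEHOLDER"


def idp_for_request_host(host: str, app_domain: str = "myapp.example") -> Optional[str]:
    """Pick the customer's SAML IdP SSO URL from the first label of the request host.
    Exact match only: an unknown or malformed host yields None rather than a default IdP."""
    host = host.split(":", 1)[0].lower()          # drop any port
    suffix = "." + app_domain
    if not host.endswith(suffix):
        return None
    sub = host[: -len(suffix)]
    if not sub or "." in sub:                      # reject empty or nested labels
        return None
    return ROUTING_TABLE.get(sub)


def build_idp_sso_url(sso_url: str, embed_link: str) -> str:
    """Append ?RelayState=<OIDC app embed link>, percent-encoded, to the SAML IdP SSO URL."""
    parts = urlsplit(sso_url)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("expected a bare https SSO URL without query or fragment")
    return f"{sso_url}?{urlencode({'RelayState': embed_link})}"


def relay_state_target(url: str, allowed_host: str = OKTA_ORG_HOST) -> Optional[str]:
    """Return the RelayState only if it is a single https URL on our own Okta org.
    Any other host, scheme, or a repeated parameter is rejected to avoid an open redirect."""
    values = parse_qs(urlsplit(url).query).get("RelayState", [])
    if len(values) != 1:
        return None
    target = urlsplit(values[0])
    if target.scheme != "https" or target.netloc.lower() != allowed_host:
        return None
    return values[0]


def login_redirect_for(host: str) -> Optional[str]:
    """Full flow: request host -> customer's IdP SSO URL -> RelayState to the OIDC app."""
    sso = idp_for_request_host(host)
    return build_idp_sso_url(sso, OIDC_APP_EMBED_LINK) if sso else None
```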