Passing a custom SAML Attribute to third party

#1

Okta is pretty new to our organization and every integration we have done has been standard mappings from AD. Talking to our admin, we haven’t had to pass anything as a SAML attribute to a third party that wasn’t in AD. We now have a requirement from another party to do that exact thing. My experience with Okta is next to none, so I’m not sure where to start for searching or documentation. If someone could help point me in the right direction, or if you need more information to help diagnose the issue, I will give you what I can.

Update

Let me update this to try and give more context if anyone has any ideas. Below I included a screenshot from the document the vendor gave us. This serviceParameters SAML attribute is a value unique to each entity a user may be viewing on an internal system at the time. We would need to take a data point from that entity and put it into a SAML assertion as the VendorUID you see in the fourth column. One idea our networking admin had was using relay state to accomplish this. I’m not sure how to do this since I have no experience with Okta at the moment.

#2

Hi @bdselle

If you have a production org, then you can follow the steps available here and, under Attribute Statements, pass the serviceParameters if the service provider expects it in this format.

If you like, you can submit a support ticket to support@okta.com or through the support portal at support.okta.com to ask an engineer to assist you in integrating the application based on the details that you have from the service provider.

#3

In that link the attributes look to be set here. But they are being populated from the user object. That we can do easily and have done for other integrations. But in this case the value isn’t part of the user object. It is a value that is unique and needs to be passed in from the originating application that will link out using Okta to authenticate.

We have opened a ticket for this, and the only thing we have so far is potentially using relay state to do this, but I don’t think this will satisfy the requirement. Also, we are waiting for the vendor to give us another organization that has used Okta to do this SSO functionality. They claim others have, and I am still awaiting their response.
