Re-Use SAML App With Different Username?

I’ve created an app in Okta to log into an internal tool via SAML. That tool has regular user accounts and a few special accounts that we want multiple users to be able to log into. I’d like to have the same SAML integration show up as two different app buttons in Okta. Both buttons would have the same metadata url and Single Sign-On URL, but one would log in with the user’s username and one would log in with the username of the shared special account.

Is there a way to set up a SAML app such that it can use another app’s SAML metadata?

Currently I’ve configured two different apps in the internal app, because the two Okta apps have different Metadata URLs to talk to. Both the apps do the exact same thing. I’m hoping for a better solution.

if you don’t mind having this special service account created in Okta, then you can have one application, but it will require users to switch username when logging to Okta :slight_smile: something has to be different!

Afaik what you’re trying to do is not possible in Okta. Okta doesn’t support multiple application assignments for the same user.

You will need to different user accounts.

If you want to do the work on the back-end, set a custom SAML attribute that contains an array of the possible user names and let the user select (after SAML assertion) which role/privilege they wish to take in the application.

But this is probably more work than just having two apps “Regular” and “Special”. Of course, you don’t have to assign the “Special” application to “Regular” users so they won’t ever need to see the second version of the app they don’t have access to.