SAML Identity Provider

Hello guys

I have a question about using a SAML Identity Provider, so, when I use an authorization URL specifying an IDP, why the okta logs me in returning another user that does not come from my SAML Idp?

For example, The user user01 was stored from the SAML Idp, and the user user02 is my admin user for okta developer account, so, if I logged in with my admin account and make a request to the (SAML IdP authorization URL), okta returns a token containing my admin user saying that I’m already logged in.

I hope I have managed to be clear :slight_smile:


Sounds like session token reuse, what happens when you use an incognito browser window?

Yeah, when I use an incognito browser it works. But, it is normal? Sould I configure something different ?

@Govner, so, there is any way to avoid this behavior? Thanks :slight_smile: