SAML SSO Configuration

Hi, does anybody know how to integrate the SAML SSO Configuration in a custom application?

Hi @nbjellab could you please elaborate a bit more? Are you just asking about how to set up a custom SAML app in Okta, or actually how to make your app understand SAML?

I want to know how I make a ‘settings’ page in my application, where the user will be able to ‘enable sso’ by marking a checkbox and entering their ACS, Issuer and uploading their metadata XML document. Just like other companies in the App Catalog have a settings page. Okta’s SDKs do not support this part - only the login process. Is there any library that helps with this?

Sounds like you want to get setup in the Okta Integration Network. Okta Integration Network | Okta Developer

@abole This is what I want to create inside my application - the image is from Salesforce’s IdP settings page:

@abole do you know how to make this page?

So it sounds like you’ll have a multi-tenanted application that will be used by many organisations. Okta will be used by your application to federate with each organisation’s IdP.

Salesforce itself sells an identity product similar to Okta.

That screenshot seems to be how you configure Salesforce to federate with another identity provider like Okta. Remember, to set up a federation, both your IdP and the other organisation’s IdP need to be configured to trust each other.

In Okta the similar screen is under security > identity providers. Here’s a link on where to set it up. Add a SAML 2.0 IdP

You could build screens in your app to collect the 3rd party IdP settings and then set up a new IdP in Okta programmatically via the API. Identity Providers | Okta Developer

You’d end up with one IdP config in your Okta org per organisation you need to federate with (thousands if you have thousands of customers). Each organisation then needs to type in your Okta’s IdP settings into their IdP. You’d need to build a screen to expose your IdP info for them to use. There’s a bit of work to do all this.

The alternative is to look into architecting your app to integrate via the OIN. The customer would have a simpler experience to set up a federation with your app and you’d have less work to set up theirs.
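Whichever route is taken, the "settings" screen described earlier has to accept a customer-uploaded IdP metadata XML document and pull out the Issuer (entityID), the single sign-on endpoint and the signing certificate before anything is stored or pushed to Okta. The following is an added example of that step, not code from the thread, from Okta or from any Okta SDK: a stdlib-only Python parser that rejects documents with a DOCTYPE (metadata never needs one, and refusing it takes entity-expansion and XXE off the table), insists on an IDPSSODescriptor rather than SP metadata, requires an https SSO endpoint and at least one DER-encoded signing certificate. The sample metadata, its entityID, hostname and certificate blob are constructed placeholders in the shape Okta exports; a real deployment would additionally parse the certificate with the `cryptography` package to check expiry and key size (assumption, not shown).

```python
"""Parse and sanity-check a SAML 2.0 IdP metadata upload (stdlib only)."""
import base64
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
MAX_METADATA_BYTES = 512 * 1024


class MetadataError(ValueError):
    """Raised when an uploaded document is not usable IdP metadata."""


@dataclass
class IdpSettings:
    entity_id: str            # Issuer the tenant's assertions must carry; compare exactly, never fetch it
    sso_url: str              # where AuthnRequests are sent
    sso_binding: str
    signing_certs_der: list   # DER bytes of each signing certificate


def _https_url(url: str, what: str) -> str:
    p = urlparse(url)
    if p.scheme != "https" or not p.netloc:
        raise MetadataError(f"{what} must be an absolute https URL, got {url!r}")
    return url


def _decode_cert(b64: str) -> bytes:
    try:
        der = base64.b64decode("".join(b64.split()), validate=True)
    except ValueError as e:
        raise MetadataError("X509Certificate is not valid base64") from e
    # 0x30 is the ASN.1 SEQUENCE tag every DER certificate starts with.
    # A real deployment would go on to parse it with `cryptography` (assumption).
    if not der or der[0] != 0x30:
        raise MetadataError("X509Certificate is not DER-encoded")
    return der


def parse_idp_metadata(xml_bytes: bytes) -> IdpSettings:
    if len(xml_bytes) > MAX_METADATA_BYTES:
        raise MetadataError("metadata document too large")
    # Metadata never needs a DTD; refusing one removes entity-expansion
    # (billion laughs) and XXE concerns before the parser sees the document.
    if b"<!doctype" in xml_bytes.lower():
        raise MetadataError("DOCTYPE declarations are not accepted")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as e:
        raise MetadataError(f"not well-formed XML: {e}") from e
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise MetadataError("root element must be md:EntityDescriptor")
    entity_id = (root.get("entityID") or "").strip()
    if not entity_id or len(entity_id) > 1024:
        raise MetadataError("missing or oversized entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise MetadataError("no IDPSSODescriptor; this looks like SP metadata")
    if SAML2_PROTOCOL not in idp.get("protocolSupportEnumeration", "").split():
        raise MetadataError("IdP does not declare SAML 2.0 protocol support")
    endpoints = {s.get("Binding"): s.get("Location", "")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    binding = next((b for b in (HTTP_REDIRECT, HTTP_POST) if b in endpoints), None)
    if binding is None:
        raise MetadataError("no HTTP-Redirect or HTTP-POST SingleSignOnService")
    sso_url = _https_url(endpoints[binding], "SingleSignOnService Location")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):   # skip encryption-only keys
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(_decode_cert(c.text or ""))
    if not certs:
        raise MetadataError("no signing certificate; assertions could not be verified")
    return IdpSettings(entity_id, sso_url, binding, certs)


# Constructed sample in the shape Okta exports. The IDs, hostname and the
# certificate blob (a bare 5-byte ASN.1 SEQUENCE) are placeholders, not real values.
SAMPLE_IDP_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkEXAMPLEIDPID">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MAMCAQA=</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/exkEXAMPLEIDPID/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/exkEXAMPLEIDPID/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    s = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print(s.entity_id, s.sso_binding, s.sso_url, len(s.signing_certs_der))
```

The values this returns are exactly what a per-tenant record needs to hold (and what the Okta Identity Providers API would be fed if the IdP is created there programmatically); the ACS URL and SP entity ID the customer types into their own IdP come from your side and are not in this document.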

Thank you very much! I thought every application published to the iApp Catalog needed to have this ‘settings’ page in order to get approved by the OIN support team. Now it makes more sense that it is only applications that want to provide multiple identity providers.