What are the options to sign out users from the inbound federated IdP?

There is an option in Okta to integrate with external Identity Providers like Azure AD, OneLogin using SAML 2.0 identity provider by following the instructions at:

My question is related to sign out. Signing out from Okta is not signing out the user in inbound federated identity provider and i don’t see any setting to configure the logout URL that comes out of SAML identity providers metadata.

There is an article available online about SLO but based on my understanding, its not going to work in the external identity provider workflow.

are there any options to initiate SAML logout from Okta to external identity providers?

#SAML #Inbound Federation #ExternalIdP

just following up if anyone got chance to look into it and have similar use case with inbound federation?

The Okta SLO feature is only intended to log a user out of their current application (OIDC or SAML), and their Okta Org session. If a user authenticates into Okta via an external IdP that session will still be valid, assuming the IdP hasn’t invalidated it on its own.

After the log of Okta you can specify a redirect URI where you could try to piece together some type of chained logout of other apps/IdPs for the user, but this can be very hard to manage. Often the expectations are logging out of Okta should not effect external IdP sessions. Especially if those sessions existed prior to logging into Okta and are used for other SSO integrations.