Configure Okta as SAML Identity Provider
Before you start
- Sign up for an Okta Developer account.
If you want to integrate your Auth0 tenant with Okta Workforce Identity, try using the Okta Workforce Enterprise connection first.
Configure Okta SAML app integration
You can create a SAML app integration in the Okta Developer Console.Create app integration
- Log in to the Okta Developer Console.
- Go to Create App Integration and choose SAML 2.0 from the options.
-
Configure the following settings:
Setting Description Example Single Sign-On URL Auth0 tenant login callback URL. https://{yourAuth0Domain}/login/callback?connection={yourAuth0ConnectionName}Audience URI (SP Entity ID) Auth0 connection audience value. urn:auth0:{yourAuth0TenantName}:{yourAuth0ConnectionName}The connection name value ({yourAuth0ConnectionName}) that you use to configure your Okta SAML app integration must match the name of the SAML connection you create in Auth0. - Select Next, and then select Finish to complete the Okta app integration configuration.
Record SSO URL and download certificate
The login flow is now directed to the Sign On page for the newly-created app.- Select View SAML Setup Instructions.
- Record the Identity Provider Single Sign-On URL.
- Download the X.509 Certificate in PEM or CER format.
- Navigate to Assignments, and then assign a user to the Okta application.
Configure SAML connection in Auth0
You can create a SAML Enterprise connection in the .- Log in to the Auth0 Dashboard.
- Go to Authentication > Enterprise.
- Select Create (+ button) next to SAML.
-
Configure the following settings:
Setting Description Example Connection name Auth0 connection name. myoktaconnectionSign In URL Okta URL where user login requests are sent. This is the Identity Provider Single Sign-On URL value you recorded previously. https://my_okta_tenant_name.okta.com/app/my_okta_tenant_namemy_okta_saml_app_integration_name/dakflkbzevu5i5zBi939/sso/samlX509 Signing Certificate Okta tenant public key signing certificate. Upload the X509 Certificate you downloaded previously. myOktaTenantSigningCertificate.pem - Select Create.
Enable SAML Enterprise connection in Auth0
You can enable your SAML Enterprise connection in the Auth0 Dashboard.Enable SAML Enterprise connection when using Organizations
If you’re using Organizations:- Log in to the Auth0 Dashboard.
- Go to Organizations, and select your Organization.
- Switch to the Connections view.
- Select Enable Connections.
- Select the SAML connection you created previously, and then select Enable Connection.
Enable SAML Enterprise connection when not using Organizations
If you’re not using Organizations:- Log in to the Auth0 Dashboard.
- Go to Authentication > Enterprise > SAML, and select the SAML connection you created previously.
- Switch to the Applications view, and enable the connection for your chosen application(s).
Test connection
You can test your connection in the Auth0 Dashboard.- Log in to the Auth0 Dashboard.
- Go to Authentication > Enterprise > SAML.
- Locate your connection in the list.
-
Select More Actions (… button), and then select Try.
- If your connection is configured correctly, you’ll see the It works! screen.
- If not, you’ll see an error message with details about what went wrong.
The Try button works only for users logged in to the Auth0 Dashboard. You can’t send this to an anonymous user, such as a customer.If you don’t have an Okta user, you need to create one or configure IdP-initiated SSO.
The user might see the Okta dashboard after authenticating through a Service Provider-initiated login flow. If you integrate your application with Auth0 using the OIDC protocol, Auth0 takes the value of the
state parameter and passes it to Okta using the SAML RelayState parameter. Make sure that you set the state parameter to a value that Okta can use.