Okta SAML integration

This article provides sample Okta SAML integrations with Cloud Identity Plane.

Register Okta as an external IDP in CIP

  1. Select Register Identity Provider from Identity Providers on the admin page.

  2. Select SAML 2.0.

  3. Enter IDP name, description, Metadata Source, and Authentication lifetime (in seconds). You can enter the Metadata Source data as a URI or an XML value.

    Tip

    If the IDP metadata URL is not yet known, enter a placeholder value for now (e.g. http://localhost:1234); you replace it with the real Okta metadata in the Okta setup steps below.

  4. Add Field mapping to map the incoming SAML user entity to CIP user attributes.

    Incoming attribute    CIP attribute
    Email                 uid
    FirstName             firstName
    LastName              lastName

    Result

    You have now successfully created an Identity Provider object.

Set up a SAML SP application in Okta

Set up a SAML SP application in Okta following the instructions in the Okta SAML documentation.

  1. Enter the IDP details shown on the CIP admin page.

  2. For the Single sign-on URL of the Okta SP application, enter the Redirect URI from the CIP IDP. For the Audience URI (SP Entity ID), enter urn:mace:saml:<your IDP identifier here>.

  3. Configure the IDP outbound field mapping so that the attributes CIP expects (Email, FirstName, LastName) are sent.

  4. After registering the SAML SP application in Okta, download the Okta Identity Provider metadata.

  5. Copy the whole IDP metadata XML into CIP, selecting XML data as the Metadata Source.

  6. Verify the SAML authentication flow with Okta. For more information, see Verify SAML authentication flow.