We share advice on using Okta as an industry-standard SAML2 Identity Provider.
For all true support questions regarding Okta – or any non-Intercax provider of SAML2 service – please contact the vendor directly through their formal Support programs.
Okta “Applications”
In Okta, each integration between a particular Service Provider (like Syndeia) and Okta as the IdP is configured by administering within Okta the creation of a new “Okta Application”, an application that offers SAML2 support.
Therefore, each time you deploy Syndeia to a particular server, you will create a new separate “Okta Application” just for that Syndeia server - even if you already set up SAML2 integration with Okta for other Syndeia servers.
Okta is its own Directory Service of Users
In addition to being able to act as a proxy between existing, often legacy, directory services such as OpenLDAP services and Microsoft ActiveDirectory services, Okta can be and often does act as its own Directory Service of Users and may even be the primary, definitive directory of user accounts.
When Okta is the Directory Service, configuration of Okta as the SAML2 IdP is trivial because there is no need to configure integration with an external IdP.
Okta User Profile Attributes
Make sure that the User Profile in the Okta Universal Directory includes populated attributes for all of:
First Name
Last Name
Email Address
At least those have to be passed along to the Syndeia SP in the SAMLResponse as Attributes. Syndeia needs names to display for the user and an email address to uniquely identify the user even as the user authenticates with numerous services.