Configure Okta as an identity provider (IdP) and PingFederate as a service provider (SP) using a SAML 2.0 connection.
You must have the following:
- PingFederate installed and operating with administrator access OS
- Okta with Workforce Identity Single sign-on, One-App, or Enterprise editions
This task also assumes that you have the following information from the SP:
- Assertion consumer service (ACS) URL
- Signing certificate (if required)
With Okta as the IdP, only a one-to-one IdP to SP entityID relationship is supported. If the SP has more than one application, a new IdP connection with a unique entityID from Okta is required. This behavior can be overridden by Okta.
- Sign on to Okta as an administrator.
- Go to .
- On the Add Application page, click Add Application.
- On the Create a New Application Integration page, in the Platform list, select Web.
- Click SAML 2.0, and then click Create.
- On the General Settings tab, in the Create SAML Integration section, enter a name for the application in the App name field. Click
  You can also add a logo and set the app visibility.
- On the Configure SAML tab, in the Single Sign on URL field, enter the PingFederate ACS URL.
- In the Audience URI field, enter the PingFederate SAML entity ID or connection virtual server ID (VSID).
- Optional: In the Attribute Statements (Optional) and Group Attribute Statements (Optional) sections, add attributes from the Okta user store to fulfill the attribute contract with the SP.
- Click Next.
- Complete the sections on the Feedback tab.
  The sections on this tab help the Ping Identity support team.
- Click Finish.
- To obtain the file needed to configure the PingFederate SP, in the Summary window, click the Identity Provider metadata link.
- Optional: If you're creating your own portal, click the General tab, and then copy the App Embed Link.
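
The values entered in the Single Sign on URL and Audience URI fields come back in every SAML response as the Destination and Recipient attributes and the Audience element, and a mismatch with what PingFederate expects is a common reason a new connection rejects assertions. The following Python check is an added example, not part of the original procedure or of Okta's or Ping Identity's code. It compares a captured response with the SP's values, assuming Okta uses the Single Sign on URL for both Destination and Recipient; the host name, entity ID, issuer, and sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical values: what was entered in Okta's Single Sign on URL and Audience URI fields.
ACS_URL = "https://pf.example.com:9031/sp/ACS.saml2"
SP_ENTITY_ID = "pf-sp-entity"

# Constructed sample: a trimmed, unsigned response such as a browser SAML trace would show.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://pf.example.com:9031/sp/ACS.saml2">
  <saml:Issuer>http://www.okta.com/exk-constructed</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>http://www.okta.com/exk-constructed</saml:Issuer>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://pf.example.com:9031/sp/ACS.saml2"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>pf-sp-entity</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, acs_url, sp_entity_id):
    """Return mismatches between a captured response and the SP's configured values.

    Field comparison only: signature and validity checks remain PingFederate's job.
    Parse only traces you captured yourself; use defusedxml for untrusted XML.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match ACS URL: %r" % root.get("Destination"))
    recipients = [e.get("Recipient") for e in root.findall(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match ACS URL: %r" % recipients)
    audiences = [(e.text or "").strip() for e in root.findall(".//saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("Audience does not match SP entity ID: %r" % audiences)
    # One IdP entityID per SP connection: Response and Assertion must name the same issuer.
    issuers = {(e.text or "").strip() for e in root.findall(".//saml:Issuer", NS)}
    if len(issuers) != 1:
        problems.append("Response and Assertion Issuer differ: %r" % sorted(issuers))
    return problems
```

An empty list from `check_response(SAMPLE_RESPONSE, ACS_URL, SP_ENTITY_ID)` means the three fields line up with the SP's configuration.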