Retrieving SAML XML Metadata from Okta

This tutorial explains how to retrieve the XML metadata for a SAML application configured within Okta. This XML metadata is essential for setting up Single Sign-On (SSO) services for your web application, because it facilitates the exchange of user authentication data between Okta and your application.

Prerequisites

  • Administrative access to the Okta Admin console.

  • A SAML application is already configured within Okta.

Steps

1. Access the Okta Admin Console

Navigate to the Okta Admin Console and sign in with your administrator account. In the My Apps dashboard, click Admin in the header menu.

2. Create App Integration

Once you're in, look at the left sidebar and click on Applications. Then, hit the Create App Integration button to get started.

Then, choose SAML 2.0 from the options available.

 

3. Name Your App

Now, it's time to name your app. Enter “Botdoc” as the app name and upload the Botdoc logo if you have it. After that, click Next to proceed.

 

4. Fill in SAML Settings

When logged in as an admin in Botdoc, navigate to your Organizations settings, and then to the SSO Configuration. Here, you'll find the required fields for Okta’s SAML Settings form.

Copy the following fields from Botdoc and paste them into Okta.

  • ACS URL → paste in Single sign-on URL

  • Entity ID → paste in Audience URI (SP Entity ID)

It is also necessary to set “Name ID format” as “EmailAddress”.

 

5. Configure SAML Attribute Mapping

Within the same step (2 - Configure SAML), configure the attribute mapping to ensure that Okta sends the correct user data to your web app. Set the attributes as follows:

  • First Name: Map user.firstName attribute to given_name

  • Last Name: Map user.lastName attribute to family_name

  • Email: Map user.email attribute to email

  • Nickname: Map user.login attribute to nickname

These mappings ensure that your application receives the necessary user details for authentication and user profile management.

 

6. Skip the Satisfaction Poll

On the last step (3 - Feedback), select the second option to skip over the satisfaction poll from Okta, then click Finish. This will save you some time.

 

7. Download the Metadata

In the application's settings, locate the option for SAML metadata. There will typically be a link with a Copy button below it.

Access the link to download the XML file. This file contains the SAML configuration details including the Entity ID, Assertion Consumer Service (ACS) URL, and Single Logout Service URL, among others.

The XML file should look like this:

 

8. Enable Single Sign-On

Finally, in your Botdoc Organization’s SSO Configuration, make sure to activate Single Sign-On. This will complete the setup and allow your users to log in using Okta.

Conclusion

By retrieving the SAML XML metadata from Okta, you can ensure that your web application is properly configured for SSO with Okta as the identity provider. This setup helps streamline user access and enhance security by utilizing Okta’s authentication mechanisms.