3. Configure Okta as an Identity Provider in OCI IAM Identity Domain

Create an IdP for Okta on the OCI Console.

  1. In the OCI Console in the domain you are working in, click Security and then click Identity providers.
  2. Click Add IdP and then click Add SAML IdP.
  3. Enter a name for the SAML IdP, for example, Okta. Click Next.
  4. On the Exchange metadata page, ensure that Enter IdP metadata is selected.
  5. Enter the following values from step 6 of "2. Create an Application in Okta for OCI IAM Identity Domain":
    • For Identity provider issuer URI: Enter the ID.
    • For SSO service URL: Enter the SingleSignOnService URL.
    • For SSO service binding: Select POST.
    • For Upload identity provider signing certificate: Use the .pem file of the Okta certificate.

    [Image: Add SAML identity provider screen]

  6. On the Map attributes page:
    • For Requested NameId format, choose None.
    • For Identity provider user attribute: Choose SAML assertion Name ID.
    • For Identity Domain user attribute: Choose UserName.
  7. Click Next.
  8. Review and click Create IDP.
  9. On the What's Next page, click Activate and then click Add to IdP policy.
  10. Click Default Identity Provider Policy to open it, click the Actions menu for the rule, and then click Edit IdP rule.
  11. Click in Assign identity providers and then click Okta to add it to the list.
  12. Click Save changes.
  13. Download the SP Certificate.
  14. In the OCI Console in the domain in which you are working, click Security and then click Identity providers.
  15. Click Okta.
  16. On the Okta IdP page, click Service Provider metadata.
  17. Click Download next to Service Provider signing certificate to download the SP signing certificate and save it.