3. Configure Okta as an Identity Provider in OCI IAM Identity Domain

  1. In the OCI Console, go to the Identity Domain in which you want to configure Okta Federation.
  2. Click the Federation tab. Under Identity Providers, click the Actions menu and select Add SAML IdP.
  3. Enter a name for the SAML IdP. For example, Okta. Click Next.
  4. On the Exchange metadata page, ensure that Enter IdP metadata - Enter Parameters manually is selected.
  5. Enter the following values, which you noted in step 7 of section 2, Create an Application in Okta for OCI IAM Identity Domain:
    • For Identity provider issuer URI: Enter the Entity/Issuer ID.
    • For SSO service URL: Enter the SingleSignOnService URL.
    • For SSO service binding: Select POST.
    • For Upload identity provider signing certificate: Use the .pem file of the Okta certificate.
  6. On the Map User Identity page:
    • For Requested NameId format: Choose None.
    • For Identity provider user attribute: Choose SAML assertion Name ID.
    • For Identity Domain user attribute: Choose UserName.
  7. Click Next.
  8. Review and click Create IDP.
  9. Click the newly created Identity Provider to open the IdP Details page.
  10. Click the Actions menu and click Activate.
  11. Under Service Provider Metadata, scroll down and click Download next to Service provider signing certificate and save it.