Create a new SAML identity provider in the Workspace ONE Access console for the Okta integration.
Procedure
1. Log in to the Workspace ONE Access console as the System administrator.
2. Select .
3. Click Add Identity Provider and select Create SAML IDP.
Identity Provider Name: Enter a name for the new identity provider, such as Okta SAML IdP.

Binding Protocol: Select HTTP Post.
    Note: This field appears after you enter the metadata URL in the SAML Metadata section and click Process IdP Metadata.

SAML Metadata:
    a. In the Identity Provider Metadata text box, enter the metadata URL copied from Okta. For example: https://yourOktaTenant/app/appId/sso/saml/metadata
    b. Click Process IdP Metadata.
    c. In the Identify User Using section, select NameID Element.
    d. In the Name ID format mapping from SAML Response section, click the + icon, then select the following values:
       Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
       Name ID Value: userPrincipalName
       Note: Select the user attribute that matches the application username value defined in Okta.
    e. In the Name ID Policy in SAML Request section, select the same value that you selected for Name ID Format in the previous step: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
    f. Leave the Send Subject in SAML Request (when available) check box unselected.

Users: Select the directories you want to authenticate using this identity provider.

Network: Select the networks that can access this identity provider.

Authentication Methods: Enter the following:
    Authentication Methods: Enter a name for the Okta authentication method, such as Okta Auth Method.
    SAML Context: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
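As an added example, not part of this procedure and not VMware's or Okta's own code: a Python check that parses the IdP metadata document the Okta metadata URL returns and confirms it advertises the HTTP-POST binding and the unspecified NameID format selected in the console, so a mismatch is caught before users are routed to the new identity provider. The embedded metadata is a constructed sample; its entityID and SSO URL are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample of an IdP metadata document (placeholder entityID and URLs,
# not real Okta output); in practice this is the body fetched from the metadata URL.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/EXAMPLE-APP-ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://yourOktaTenant/app/appId/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://yourOktaTenant/app/appId/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return the entityID, the HTTP-POST SSO URL (None if absent) and advertised NameID formats."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    post_url = None
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == HTTP_POST:
            post_url = sso.get("Location")
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    return {"entity_id": root.get("entityID"), "post_url": post_url, "nameid_formats": formats}


def check_against_config(meta, nameid_format=NAMEID_UNSPECIFIED):
    """Compare what the IdP advertises with the Binding Protocol and Name ID Format chosen
    in the console; return a list of human-readable problems (empty when consistent)."""
    problems = []
    if meta["post_url"] is None:
        problems.append("metadata has no HTTP-POST SingleSignOnService; the HTTP Post binding cannot be used")
    # An IdP that lists NameIDFormat elements but not the configured one will not honour the
    # Name ID Policy sent in the SAML request.
    if meta["nameid_formats"] and nameid_format not in meta["nameid_formats"]:
        problems.append(f"metadata does not advertise NameID format {nameid_format}")
    return problems


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print(meta)
    print(check_against_config(meta) or "metadata is consistent with the console settings")
```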