From 2404bfcbe4f6ece9a5c1008857fbf445ff364ecc Mon Sep 17 00:00:00 2001
From: Divya Bhushan
Date: Sun, 17 May 2026 14:25:43 +0530
Subject: [PATCH 01/28] First commit to create a base branch for OKTA-1174908
---
 .../vuepress-theme-prose/const/navbar.const.js | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/packages/@okta/vuepress-theme-prose/const/navbar.const.js b/packages/@okta/vuepress-theme-prose/const/navbar.const.js
index 8818458cd5b..34f8686a4da 100644
--- a/packages/@okta/vuepress-theme-prose/const/navbar.const.js
+++ b/packages/@okta/vuepress-theme-prose/const/navbar.const.js
@@ -754,20 +754,6 @@ export const guides = [
 title: "Okta Integration Network",
 customLandingPage: true,
 subLinks: [
- {
- title: "Single Sign-On",
- path: "/docs/guides/oin-sso-overview/",
- subLinks: [
- {
- title: "Build an SSO integration",
- guideName: "build-sso-integration",
- },
- {
- title: "Add a private SSO integration",
- guideName: "add-private-app",
- },
- ],
- },
 {
 title: "Lifecycle management",
 path: "/docs/guides/oin-lifecycle-mgmt-overview/",
From 00646aac20e25512e8e108acca3efc08122bdb9b Mon Sep 17 00:00:00 2001
From: sophiajose-okta
Date: Tue, 26 May 2026 16:29:10 +0530
Subject: [PATCH 02/28] private app oidc
---
 .../create-an-app-integration/main/index.md | 41 +++++++++++++++----
 .../main/openidconnect/protocol-config.md | 30 +++++++++++---
 2 files changed, 56 insertions(+), 15 deletions(-)
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md
index ddf0abdd632..b2ee0ce4021 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md
@@ -12,11 +12,13 @@ This guide explains what an app integration is, why you need one, and how to cre * Learn about app integrations in Okta. * Learn how to create the app integration. +* Learn how to test your SSO integration in your Okta org. #### What you need * An [Okta Integrator Free Plan org](https://developer.okta.com/signup/). * An admin user in the Integrator Free Plan org with either the super admin or the app and org admin roles. +* A functional SSO integration created in accordance with the Build a Single Sign-On integration guide. --- 
@@ -91,15 +93,22 @@ Okta adds an instance of the app integration to your org, and you can now assign You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create an app integration and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. +>**Note**: As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future. + 1. Open the Admin Console for your org. -2. Go to **Applications > Applications**. -3. Click **Create App Integration**. -4. Choose the integration type that matches your app’s requirements. -5. Ensure that you have the following integration settings ready: +1. Go to **Applications > Applications**. +1. Click **Create App Integration**. +1. Select **OpenID Connect** in the **Sign in Method** section. +1. Choose either **Web Application** or **Single-Page Application** as the **Application type** for your integration and click **Next**. +1. Configure the following integration settings on the **General Settings** tab: -6. Create the integration. See: +1. Click **Save**. + + >**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. If you need to generate a new client secret under **Client Credentials**, remember to update your app with the new credentials to prevent downtime. To make your app publicly available later, see [Publish an OIN integration](https://developer.okta.com/docs/guides/submit-app-overview/). + +1. To build and finalize your implementation settings details, see After you create your integration, you can assign it to your users in your org. 
@@ -115,10 +124,24 @@ To build, test, and submit your API service integration to the OIN catalog. See Once your app is set up: -1. Assign the app to a test user or group from **Assignments**. -2. Log in to the Okta End-User Dashboard. -3. Click the app and verify successful redirection/authentication. -4. Review tokens or SAML assertions using developer tools or Okta logs. +### Assign users + +1. Click the **Assignments** tab. +2. Click **Assign** and then select either **Assign to People** or **Assign to Groups**. +3. Enter the appropriate people or groups that you want to have Single Sign-On into your app, click **Assign** for each, verify user attributes, and select **Save and Go Back**. +4. Click **Done**. + +### Test SSO + +1. Sign in to the Okta End-User Dashboard as a test user and click the app tile. + +### Verify redirection + +Ensure the app-initiated flow correctly redirects back from the Okta sign-in page to your app. + +### Troubleshoot + +If issues occur, navigate to **Reports** > **System Log** to examine failure messages or 4XX status codes. You can also post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=oidc). ## See also \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md index 3b4f3762a50..aec5d650a39 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md 
@@ -1,6 +1,24 @@ -* App integration name -* Controlled access -* Sign-in redirect URIs -* Grant types -* Controlled access -* Details on the sign-in initiation flow \ No newline at end of file +* **App integration name** - enter a name for your integration and (optionally) upload a logo. + +* **Grant types** - select the grant type for your OAuth 2.0 flow based on your app type: + - **Web app:** + - `Authorization Code` (mandatory for web platform applications) + - `Refresh token` (not supported for OIN app integrations) + - `Implicit (hybrid)` (optional) — click Advanced to select. + - Note: If you're using Classic Engine, select `Implicit (hybrid)` from the Grant type section. + + - **SPA:** + - `Authorization Code` + - `Implicit (hybrid)` — click Advanced to select. + - Note: For SPA app integrations, the Authorization Code grant type always uses PKCE to verify the client. Also, the Client acting on behalf of itself grant type isn't supported in OIN app integrations. + +* **Sign-in redirect URIs** - Enter the absolute URIs where Okta sends OAuth responses. You can specify more than one. + +* **Sign-out redirect URIs (Optional)** - Enter the URIs where Okta redirects users after sign-out. + +* **Login initiation** - Configure the settings based on your sign-in initiation flow to determine how the integration appears as a tile on the Okta End-User Dashboard: + - If you only support direct SSO from your app, set Login initiated by to **App Only**. + - If you want a dashboard tile, set Login initiated by to **Either Okta or App**. This reveals the App Embed Link and allows you to select **Display application icon to users**. + - Set the Login flow to **Redirect to app** to initiate login (OIDC compliant) and provide the URI used to initiate the request. + +* **Assignments** - Assign a group or leave the Everyone default. Ensure that the intended users are assigned to the selected group. \ No newline at end of file 
From 12d9afb63f98aa1d870e3257b281deaa7dd843a3 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Tue, 26 May 2026 17:09:43 +0530 Subject: [PATCH 03/28] test foramt --- .../create-an-app-integration/main/index.md | 24 +++++++---------- .../main/openidconnect/protocol-config.md | 26 ++++++++++--------- 2 files changed, 23 insertions(+), 27 deletions(-) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index b2ee0ce4021..f70bf4971a8 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -91,7 +91,7 @@ Okta adds an instance of the app integration to your org, and you can now assign ### Create a custom app integration -You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create an app integration and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. +You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create a private app integration for your app and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. >**Note**: As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future. 
@@ -124,24 +124,18 @@ To build, test, and submit your API service integration to the OIN catalog. See Once your app is set up: -### Assign users +1. Assign users: -1. Click the **Assignments** tab. -2. Click **Assign** and then select either **Assign to People** or **Assign to Groups**. -3. Enter the appropriate people or groups that you want to have Single Sign-On into your app, click **Assign** for each, verify user attributes, and select **Save and Go Back**. -4. Click **Done**. + a. Click the **Assignments** tab. + b. Click **Assign** and then select either **Assign to People** or **Assign to Groups**. + c. Enter the appropriate people or groups that you want to have Single Sign-On into your app, click **Assign** for each, verify user attributes, and select **Save and Go Back**. + 4. Click **Done**. -### Test SSO +1. Test SSO: Sign in to the Okta End-User Dashboard as a test user and click the app tile. -1. Sign in to the Okta End-User Dashboard as a test user and click the app tile. +1. Verify redirection: Ensure the app-initiated flow correctly redirects back from the Okta sign-in page to your app. -### Verify redirection - -Ensure the app-initiated flow correctly redirects back from the Okta sign-in page to your app. - -### Troubleshoot - -If issues occur, navigate to **Reports** > **System Log** to examine failure messages or 4XX status codes. You can also post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=oidc). +1. Troubleshoot: If issues occur, navigate to **Reports** > **System Log** to examine failure messages or *4XX* status codes. You can also post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=oidc). ## See also \ No newline at end of file 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md
index aec5d650a39..79ce1728016 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md
@@ -1,24 +1,26 @@ * **App integration name** - enter a name for your integration and (optionally) upload a logo. -* **Grant types** - select the grant type for your OAuth 2.0 flow based on your app type: +* **Grant types** - select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: - **Web app:** - - `Authorization Code` (mandatory for web platform applications) - - `Refresh token` (not supported for OIN app integrations) - - `Implicit (hybrid)` (optional) — click Advanced to select. - - Note: If you're using Classic Engine, select `Implicit (hybrid)` from the Grant type section. + - **Authorization Code** (mandatory for web platform applications) + - **Refresh token** (not supported for OIN app integrations) + - **Implicit (hybrid)** (optional) — click **Advanced** to select. + + >**Note:** If you're using Classic Engine, select **Implicit (hybrid)** from the **Grant type** section. - **SPA:** - - `Authorization Code` - - `Implicit (hybrid)` — click Advanced to select. - - Note: For SPA app integrations, the Authorization Code grant type always uses PKCE to verify the client. Also, the Client acting on behalf of itself grant type isn't supported in OIN app integrations. + - **Authorization Code** + - **Implicit (hybrid)** — click **Advanced** to select. + + >**Note:** For SPA app integrations, the **Authorization Code** grant type always uses PKCE to verify the client. Also, the **Client acting on behalf of itself** grant type isn't supported in OIN app integrations. * **Sign-in redirect URIs** - Enter the absolute URIs where Okta sends OAuth responses. You can specify more than one. * **Sign-out redirect URIs (Optional)** - Enter the URIs where Okta redirects users after sign-out. 
* **Login initiation** - Configure the settings based on your sign-in initiation flow to determine how the integration appears as a tile on the Okta End-User Dashboard: - - If you only support direct SSO from your app, set Login initiated by to **App Only**. - - If you want a dashboard tile, set Login initiated by to **Either Okta or App**. This reveals the App Embed Link and allows you to select **Display application icon to users**. - - Set the Login flow to **Redirect to app** to initiate login (OIDC compliant) and provide the URI used to initiate the request. + - If you only support direct SSO from your app, set **Login initiated by to App Only**. + - If you want a dashboard tile, set L**ogin initiated by to Either Okta or App**. This reveals the **App Embed Link** and allows you to select **Display application icon to users**. + - Set the **Login flow to Redirect to app to initiate login (OIDC compliant)** and provide the URI used to initiate the request. -* **Assignments** - Assign a group or leave the Everyone default. Ensure that the intended users are assigned to the selected group. \ No newline at end of file +* **Assignments** - Assign a group or leave the **Everyone** default. Ensure that the intended users are assigned to the selected group. \ No newline at end of file From 09127c075c9b28f812e0080ec68112d4d1e25be2 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Tue, 26 May 2026 17:45:57 +0530 Subject: [PATCH 04/28] self edit --- .../guides/create-an-app-integration/main/index.md | 11 +++++------ .../main/openidconnect/protocol-config.md | 6 +++--- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index f70bf4971a8..20ca425a17c 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md 
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -18,7 +18,7 @@ This guide explains what an app integration is, why you need one, and how to cre * An [Okta Integrator Free Plan org](https://developer.okta.com/signup/). * An admin user in the Integrator Free Plan org with either the super admin or the app and org admin roles. -* A functional SSO integration created in accordance with the Build a Single Sign-On integration guide. +* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/openidconnect/main/) guide. --- @@ -110,10 +110,6 @@ You can add an app integration that doesn't exist in the OIN, using the App Inte 1. To build and finalize your implementation settings details, see -After you create your integration, you can assign it to your users in your org. - -The integration you created is private and visible only within your own Okta org. If you want to make your app integration publicly available in the OIN, see [Publish an OIN integration](https://developer.okta.com/docs/guides/submit-app-overview/). - ### Create an API Service Integration You can also add any API service integration listed in the OIN catalog with their Okta tenant org. See [API Service Integrations](https://developer.okta.com/docs/guides/oin-api-service-overview/). @@ -127,9 +123,12 @@ Once your app is set up: 1. Assign users: a. Click the **Assignments** tab. + b. Click **Assign** and then select either **Assign to People** or **Assign to Groups**. + c. Enter the appropriate people or groups that you want to have Single Sign-On into your app, click **Assign** for each, verify user attributes, and select **Save and Go Back**. - 4. Click **Done**. + + d. Click **Done**. 1. Test SSO: Sign in to the Okta End-User Dashboard as a test user and click the app tile. 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md index 79ce1728016..ae5d4e78091 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md @@ -1,6 +1,6 @@ -* **App integration name** - enter a name for your integration and (optionally) upload a logo. +* **App integration name** - Enter a name for your integration and (optionally) upload a logo. -* **Grant types** - select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: +* **Grant types** - Select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: - **Web app:** - **Authorization Code** (mandatory for web platform applications) - **Refresh token** (not supported for OIN app integrations) @@ -10,7 +10,7 @@ - **SPA:** - **Authorization Code** - - **Implicit (hybrid)** — click **Advanced** to select. + - **Implicit (hybrid)** — Click **Advanced** to select. >**Note:** For SPA app integrations, the **Authorization Code** grant type always uses PKCE to verify the client. Also, the **Client acting on behalf of itself** grant type isn't supported in OIN app integrations. From 730a8a52e2ecad55c36f9d9f75e1a544b42c7112 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Thu, 28 May 2026 09:37:02 +0530 Subject: [PATCH 05/28] Dev ad comment --- .../main/openidconnect/protocol-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md index ae5d4e78091..346b205a624 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md @@ -20,7 +20,7 @@ * **Login initiation** - Configure the settings based on your sign-in initiation flow to determine how the integration appears as a tile on the Okta End-User Dashboard: - If you only support direct SSO from your app, set **Login initiated by to App Only**. - - If you want a dashboard tile, set L**ogin initiated by to Either Okta or App**. This reveals the **App Embed Link** and allows you to select **Display application icon to users**. + - If you want a dashboard tile, set **Login initiated by to Either Okta or App**. This reveals the **App Embed Link** and allows you to select **Display application icon to users**. - Set the **Login flow to Redirect to app to initiate login (OIDC compliant)** and provide the URI used to initiate the request. * **Assignments** - Assign a group or leave the **Everyone** default. Ensure that the intended users are assigned to the selected group. \ No newline at end of file From 9e6abf80cc7f986b9e60c5866502139a7222d836 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Thu, 28 May 2026 13:50:30 +0530 Subject: [PATCH 06/28] private app int for saml m1 refactor --- packages/@okta/vuepress-site/conductor.yml | 4 ++ .../create-an-app-integration/main/index.md | 50 +++++++++++++++---- .../main/saml2/protocol-config.md | 35 ++++++++++--- 3 files changed, 72 insertions(+), 17 deletions(-) diff --git a/packages/@okta/vuepress-site/conductor.yml b/packages/@okta/vuepress-site/conductor.yml index 1cdaf440276..94f63eeda65 100644 
--- a/packages/@okta/vuepress-site/conductor.yml +++ b/packages/@okta/vuepress-site/conductor.yml @@ -6091,3 +6091,7 @@ redirects: to: /docs/guides/migrate-to-okta-with-scripts/main/ - from: /docs/guides/migrate-to-okta-bulk/main to: /docs/guides/migrate-to-okta-with-scripts/main/ + - from: /docs/guides/add-private-app/saml2/main/index.html + to: /docs/guides/create-an-app-integration/saml2/main/ + - from: /docs/guides/add-private-app/saml2/main + to: /docs/guides/create-an-app-integration/saml2/main diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index ddf0abdd632..5646aa9c1c5 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -12,11 +12,13 @@ This guide explains what an app integration is, why you need one, and how to cre * Learn about app integrations in Okta. * Learn how to create the app integration. +* Learn how to test your sso integration in your okta org. #### What you need * An [Okta Integrator Free Plan org](https://developer.okta.com/signup/). * An admin user in the Integrator Free Plan org with either the super admin or the app and org admin roles. +* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/saml2/main/) guide. --- 
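Review bot: The redirects added in the conductor.yml hunk cover only the `saml2` paths of `add-private-app`. If that guide was also served under another variant, its old URLs get no redirect from what is visible here; an OIDC path seems likely, since PATCH 02 in this series moves the OIDC private-app steps into `create-an-app-integration`. Consider adding the matching pair, for example `- from: /docs/guides/add-private-app/<variant>/main` with `to: /docs/guides/create-an-app-integration/<variant>/main/`, where `<variant>` is a placeholder for the real path segment. A later patch in the series may already do this, and the redirect list continues outside the hunk.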
@@ -91,19 +93,27 @@ Okta adds an instance of the app integration to your org, and you can now assign You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create an app integration and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. +>**Note:** As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future. + 1. Open the Admin Console for your org. -2. Go to **Applications > Applications**. -3. Click **Create App Integration**. -4. Choose the integration type that matches your app’s requirements. -5. Ensure that you have the following integration settings ready: +1. Go to **Applications > Applications**. +1. Click **Create App Integration**. +1. Select SAML 2.0 as the integration type in the **Sign-In** method section and click **Next**. +1. On the **General Settings** tab, enter a name for your integration and optionally upload a logo. You can also choose to hide the integration from your end user's Okta dashboard or mobile app. Click **Next**. +1. On the **Configure SAML** tab, configure the following integration settings using the SAML information that you gathered when you built your integration: -6. Create the integration. See: +1. On the **Feedback** tab, select how you want to position this app: + + * **Internal (Private) Apps**: Select **I'm an Okta customer adding an internal app**. You can then specify the app type or indicate if the vendor needs to be contacted. + * **OIN-bound Apps**: If you’re an ISV, select **I'm a software vendor. I'd like to integrate my app with Okta**. This doesn’t make it public automatically. It prepares the integration for OIN submission. -After you create your integration, you can assign it to your users in your org. +1. Click **Finish**. 
-The integration you created is private and visible only within your own Okta org. If you want to make your app integration publicly available in the OIN, see [Publish an OIN integration](https://developer.okta.com/docs/guides/submit-app-overview/). +1. To build and finalize your implementation settings details, see: . + +>**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). ### Create an API Service Integration 
@@ -115,10 +125,28 @@ To build, test, and submit your API service integration to the OIN catalog. See Once your app is set up: -1. Assign the app to a test user or group from **Assignments**. -2. Log in to the Okta End-User Dashboard. -3. Click the app and verify successful redirection/authentication. -4. Review tokens or SAML assertions using developer tools or Okta logs. +1. Assign users: + + a. Go to the **Assignments** tab. + + b. Click **Assign** and select either **Assign to People** or **Assign to Groups**. + + c. Enter the people or groups that you want to grant SSO access to the app, click **Assign** for each, verify user attributes, then select **Save and Go Back**. + + d. Click **Done**. + +1. Identity Provider (IdP) flow: + + a. Sign in to the Okta End-User Dashboard. + + b. Click the app tile and verify successful redirection/authentication. + +1. Review tokens or SAML assertions using developer tools or Okta logs. + +1. Troubleshoot: + + * Install the [SAML Tracer extension for Firefox](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/) for testing, or use a similar tool for other browsers. + * Post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=saml). ## See also \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md index 49a2f9c9966..c02d762b140 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md 
@@ -1,6 +1,29 @@ -* App name -* SSO URL or ACS URL -* Audience URI (SP Entity ID) -* Name ID format and attribute statement -* Signed SAML assertions -See [Application Integration Wizard SAML field reference](https://help.okta.com/okta_help.htm?type=oie&id=csh-attribute-statements-saml) for details. +* **Single sign on URL** field - Enter the Assertion Consumer Service (ACS) URL. + +* **Audience URI (SP Entity ID)** field - Enter the unique identifier for your app. + + > **Note:** If you're just testing your setup using a sample SAML SP (such as a sample SAML Service Provider on GitHub), enter the following test URL into the **Single sign on URL** and **Audience URI (SP Entity ID)** fields: + + ``` + http://example.com/saml/sso/example-okta-com + ``` + +* Choose the **Name ID format** and **Application username** that must be sent to your app in the SAML response (for example, `EmailAddress` and `Email`) or leave the defaults. + +* **Attribute Statements (optional)** section - Enter the SAML attributes to be shared with your application. For example: + + | Name (in SAML application) | Value (in Okta profile) | + |---|---| + | `FirstName` | `user.firstName` | + | `LastName` | `user.lastName` | + | `Email` | `user.email` | + +* If your org uses groups to categorize users, fill in the **Group Attribute Statements (optional)** section to filter by group membership in your SAML assertion. For example: + + - **Name** — `groups` + - **Filter** — `Matches regex` + - **Value** — `.*` + +* Click < > **Preview the SAML Assertion** in section B to preview the generated SAML assertion. + +* Click **Next**. \ No newline at end of file From b4c51e2fc36cdac12eaf107a778901e6458c1593 Mon Sep 17 00:00:00 2001 
From: sophiajose-okta Date: Thu, 28 May 2026 16:23:14 +0530 Subject: [PATCH 07/28] testing snippet --- packages/@okta/vuepress-site/conductor.yml | 2 +- .../create-an-app-integration/main/index.md | 17 +----- .../main/openidconnect/integration.md | 1 - .../main/openidconnect/protocol-config.md | 16 +++--- .../main/saml2/integration.md | 1 - .../main/saml2/protocol-config.md | 52 ++++++++++++------- .../main/scim/integration.md | 2 +- .../main/scim/protocol-config.md | 6 ++- .../main/swa/integration.md | 1 - .../main/swa/protocol-config.md | 10 ++-- 10 files changed, 59 insertions(+), 49 deletions(-) diff --git a/packages/@okta/vuepress-site/conductor.yml b/packages/@okta/vuepress-site/conductor.yml index 94f63eeda65..284bda30575 100644 --- a/packages/@okta/vuepress-site/conductor.yml +++ b/packages/@okta/vuepress-site/conductor.yml @@ -6094,4 +6094,4 @@ redirects: - from: /docs/guides/add-private-app/saml2/main/index.html to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/add-private-app/saml2/main - to: /docs/guides/create-an-app-integration/saml2/main + to: /docs/guides/create-an-app-integration/saml2/main/ diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index 5646aa9c1c5..5278c739e18 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md 
@@ -98,22 +98,9 @@ You can add an app integration that doesn't exist in the OIN, using the App Inte 1. Open the Admin Console for your org. 1. Go to **Applications > Applications**. 1. Click **Create App Integration**. -1. Select SAML 2.0 as the integration type in the **Sign-In** method section and click **Next**. -1. On the **General Settings** tab, enter a name for your integration and optionally upload a logo. You can also choose to hide the integration from your end user's Okta dashboard or mobile app. Click **Next**. -1. On the **Configure SAML** tab, configure the following integration settings using the SAML information that you gathered when you built your integration: +1. Select the required integration type in the **Sign-In** method section and click **Next**. - - -1. On the **Feedback** tab, select how you want to position this app: - - * **Internal (Private) Apps**: Select **I'm an Okta customer adding an internal app**. You can then specify the app type or indicate if the vendor needs to be contacted. - * **OIN-bound Apps**: If you’re an ISV, select **I'm a software vendor. I'd like to integrate my app with Okta**. This doesn’t make it public automatically. It prepares the integration for OIN submission. - -1. Click **Finish**. - -1. To build and finalize your implementation settings details, see: . - ->**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). + ### Create an API Service Integration 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md
index 36e296302bc..e69de29bb2d 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md
@@ -1 +0,0 @@
-[Create OpenID Connect app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-oidc)
\ No newline at end of file
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md
index 3b4f3762a50..18ead639961 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md
@@ -1,6 +1,10 @@
-* App integration name
-* Controlled access
-* Sign-in redirect URIs
-* Grant types
-* Controlled access
-* Details on the sign-in initiation flow
\ No newline at end of file
+5. Ensure that you have the following integration settings ready:
+
+ * App integration name
+ * Controlled access
+ * Sign-in redirect URIs
+ * Grant types
+ * Controlled access
+ * Details on the sign-in initiation flow
+
+6. To build and finalize your implementation settings details, see: [Create OpenID Connect app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-oidc).
\ No newline at end of file
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md
index 9f4e2382aa4..e69de29bb2d 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md
@@ -1 +0,0 @@
-[Create SAML app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-saml)
\ No newline at end of file
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md
index c02d762b140..7ae83709ee4 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md
@@ -1,29 +1,43 @@ -* **Single sign on URL** field - Enter the Assertion Consumer Service (ACS) URL. +5. On the **General Settings** tab, enter a name for your integration and optionally upload a logo. You can also choose to hide the integration from your end user's Okta dashboard or mobile app. Click **Next**. +6. On the **Configure SAML** tab, configure the following integration settings using the SAML information that you gathered when you built your integration: -* **Audience URI (SP Entity ID)** field - Enter the unique identifier for your app. + * **Single sign on URL** field - Enter the Assertion Consumer Service (ACS) URL. - > **Note:** If you're just testing your setup using a sample SAML SP (such as a sample SAML Service Provider on GitHub), enter the following test URL into the **Single sign on URL** and **Audience URI (SP Entity ID)** fields: + * **Audience URI (SP Entity ID)** field - Enter the unique identifier for your app. - ``` - http://example.com/saml/sso/example-okta-com - ``` + > **Note:** If you're just testing your setup using a sample SAML SP (such as a sample SAML Service Provider on GitHub), enter the following test URL into the **Single sign on URL** and **Audience URI (SP Entity ID)** fields: -* Choose the **Name ID format** and **Application username** that must be sent to your app in the SAML response (for example, `EmailAddress` and `Email`) or leave the defaults. + ``` + http://example.com/saml/sso/example-okta-com + ``` -* **Attribute Statements (optional)** section - Enter the SAML attributes to be shared with your application. For example: + * Choose the **Name ID format** and **Application username** that must be sent to your app in the SAML response (for example, `EmailAddress` and `Email`) or leave the defaults. 
- | Name (in SAML application) | Value (in Okta profile) | - |---|---| - | `FirstName` | `user.firstName` | - | `LastName` | `user.lastName` | - | `Email` | `user.email` | + * **Attribute Statements (optional)** section - Enter the SAML attributes to be shared with your application. For example: -* If your org uses groups to categorize users, fill in the **Group Attribute Statements (optional)** section to filter by group membership in your SAML assertion. For example: + | Name (in SAML application) | Value (in Okta profile) | + |---|---| + | `FirstName` | `user.firstName` | + | `LastName` | `user.lastName` | + | `Email` | `user.email` | - - **Name** — `groups` - - **Filter** — `Matches regex` - - **Value** — `.*` + * If your org uses groups to categorize users, fill in the **Group Attribute Statements (optional)** section to filter by group membership in your SAML assertion. For example: -* Click < > **Preview the SAML Assertion** in section B to preview the generated SAML assertion. + - **Name** — `groups` + - **Filter** — `Matches regex` + - **Value** — `.*` -* Click **Next**. \ No newline at end of file + * Click < > **Preview the SAML Assertion** in section B to preview the generated SAML assertion. + + * Click **Next**. + +7. On the **Feedback** tab, select how you want to position this app: + + * **Internal (Private) Apps**: Select **I'm an Okta customer adding an internal app**. You can then specify the app type or indicate if the vendor needs to be contacted. + * **OIN-bound Apps**: If you’re an ISV, select **I'm a software vendor. I'd like to integrate my app with Okta**. This doesn’t make it public automatically. It prepares the integration for OIN submission. + +8. Click **Finish**. + +>**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. 
To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). + +9. To build and finalize your implementation settings details, see: [Create SAML app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-saml). \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md index 93ad4398297..8b137891791 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md @@ -1 +1 @@ -[Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim) + diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md index c0b2b741c4c..1f54087efca 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md 
@@ -1 +1,5 @@
-Create an SSO integration that supports SCIM. See [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim).
\ No newline at end of file
+6. Ensure that you have the following integration settings ready:
+
+ Create an SSO integration that supports SCIM. See [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim).
+
+7. To build and finalize your implementation settings details, see: [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim)
\ No newline at end of file
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md
index 452779f04d9..e69de29bb2d 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md
@@ -1 +0,0 @@
-[Create SWA app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-swa)
\ No newline at end of file
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md
index 0bfcf7b4340..6d0acc69cc9 100644
--- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md
@@ -1,3 +1,7 @@ -* App name -* App’s login page URL -* Credential settings \ No newline at end of file +5. Ensure that you have the following integration settings ready: + + * App name + * App’s login page URL + * Credential settings + +6. To build and finalize your implementation settings details, see: [Create SWA app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-swa) \ No newline at end of file From 5379388fb59e84e70e7689715860df0de8024574 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Thu, 28 May 2026 16:46:01 +0530 Subject: [PATCH 08/28] further test --- .../docs/guides/create-an-app-integration/main/index.md | 2 ++ .../create-an-app-integration/main/saml2/protocol-config.md | 4 +--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index 5278c739e18..c27b72c7e0f 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -102,6 +102,8 @@ You can add an app integration that doesn't exist in the OIN, using the App Inte +>**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). + ### Create an API Service Integration You can also add any API service integration listed in the OIN catalog with their Okta tenant org. See [API Service Integrations](https://developer.okta.com/docs/guides/oin-api-service-overview/). 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md index 7ae83709ee4..942512aef10 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md @@ -38,6 +38,4 @@ 8. Click **Finish**. ->**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). - -9. To build and finalize your implementation settings details, see: [Create SAML app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-saml). \ No newline at end of file +9. To build and finalize your implementation settings details, see: [Create SAML app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-saml). From 1203a0bb0ba1c78ea2a019f986a6fd272220169c Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Thu, 28 May 2026 17:17:01 +0530 Subject: [PATCH 09/28] test snippet --- packages/@okta/vuepress-site/conductor.yml | 4 ++++ .../docs/guides/create-an-app-integration/main/index.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/@okta/vuepress-site/conductor.yml b/packages/@okta/vuepress-site/conductor.yml index 1cdaf440276..31cff749a05 100644 --- a/packages/@okta/vuepress-site/conductor.yml +++ b/packages/@okta/vuepress-site/conductor.yml 
@@ -6091,3 +6091,7 @@ redirects: to: /docs/guides/migrate-to-okta-with-scripts/main/ - from: /docs/guides/migrate-to-okta-bulk/main to: /docs/guides/migrate-to-okta-with-scripts/main/ + - from: /docs/guides/add-private-app/openidconnect/main/index.html + to: /docs/guides/create-an-app-integration/openidconnect/main/ + - from: /docs/guides/add-private-app/openidconnect/main + to: /docs/guides/create-an-app-integration/openidconnect/main/ diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index 20ca425a17c..e54f6a724ba 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -98,7 +98,7 @@ You can add an app integration that doesn't exist in the OIN, using the App Inte 1. Open the Admin Console for your org. 1. Go to **Applications > Applications**. 1. Click **Create App Integration**. -1. Select **OpenID Connect** in the **Sign in Method** section. +1. Select the required integration type in the **Sign in Method** section. 1. Choose either **Web Application** or **Single-Page Application** as the **Application type** for your integration and click **Next**. 1. Configure the following integration settings on the **General Settings** tab: From 414cbe48748db7d8a4388f616a8977eca741e949 Mon Sep 17 00:00:00 2001 
From: sophiajose-okta
Date: Fri, 29 May 2026 12:07:34 +0530
Subject: [PATCH 10/28] deleting oidc files
---
.../docs/guides/add-private-app/index.md | 9 --
.../docs/guides/add-private-app/main/index.md | 94 -------------------
.../main/openidconnect/create.md | 7 --
.../main/openidconnect/see-also.md | 4 -
.../main/openidconnect/settings.md | 33 -------
.../main/openidconnect/test.md | 14 ---
6 files changed, 161 deletions(-)
delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/index.md
delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md
delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md
delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md
delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md
delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md
diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/index.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/index.md
deleted file mode 100644
index 13b3e1b88f9..00000000000
--- a/packages/@okta/vuepress-site/docs/guides/add-private-app/index.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-title: Add a private SSO integration
-meta:
- - name: description
- content: Learn how to add a private SSO app integration to your Okta org
-layout: Guides
-sections:
- - main
----
diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md
deleted file mode 100644
index 7db847b06f8..00000000000
--- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md
+++ /dev/null
@@ -1,94 +0,0 @@ ---- -title: Add a private SSO integration -meta: - - name: description - content: Learn how to add a private SSO app integration to your Okta org -layout: Guides ---- - -Use this guide to add a private, custom Single Sign-On (SSO) OpenID Connect (OIDC) or SAML 2.0 integration to your Okta org. Only the users of the org where you install the private integration can use it. This guide also shows you how to test the private integration in your org. - ---- - -#### Learning outcomes - -* Learn how to add a private SSO integration to your Okta org -* Learn how to test your SSO integration in your Okta org - -#### What you need - -* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) guide -* An Okta org (such as an [Okta Integrator Free Plan org](https://developer.okta.com/signup)) - ---- - -## Overview - -To integrate your app for Single Sign-On (SSO) with Okta, you need to first develop your app SSO integration. Then, you need to register your app with an Okta org before you can test it. - -Registration involves creating an app integration instance in your Okta org to provide you with the SSO credentials or metadata for your app authentication requests. This integration is considered private because it's only available in the org from where the app integration instance was created. - -> **Note:** An app integration is considered public if it's available in the [Okta Integration Network (OIN) catalog](https://www.okta.com/integrations/) for all Okta customers. - -This guide assumes that you've developed your app SSO integration and want to add it to your Okta org. The instructions in this guide are generic for two SSO standards: - -* **OpenID Connect (OIDC)** (preferred) -* **Security Assertion Markup Language (SAML)** - -> **Note:** Private integrations aren't restricted to the [OIN limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). 
You can implement the Okta features that are available on your specific Okta org. - -## Create your private integration in Okta - -After you build your app SSO integration, use the Application Integration Wizard (AIW) in the Admin Console to create your app integration instance. This instance provides you with client credentials or metadata for your SSO flows. - -> **Note:** As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future. - -1. Sign in to your Integrator Free Plan org as a user with administrative privileges. -1. Go to **Applications** > **Applications** in the Admin Console. -1. Click **Create App Integration**. - - - -## Specify your integration settings - -After you create your integration instance, the main settings page appears for your new integration in the Admin Console. Specify **General Settings** and **Sign On** options, and assign the integration to users in your org. Click **Edit** if you need to change any of the options, and **Save** when you finish. - - - -## Test your integration - -This portion of the guide takes you through the steps required to test your integration. - -### Assign users - -First, you must assign your integration to one or more test users in your org: - -1. Click the **Assignments** tab. -1. Click **Assign** and then select either **Assign to People** or **Assign to Groups**. -1. Enter the appropriate people or groups that you want to have Single Sign-On into your application, and then click **Assign** for each. -1. Verify the user-specific attributes for any people that you add, and then select **Save and Go Back**. -1. Click **Done**. - -### Test Single Sign-On - -1. Sign out of your Okta org by clicking **Sign out** in the upper-right corner of the Admin Console. -1. Sign in to the Okta End-User Dashboard as a regular user assigned to the integration. 
- - > **Note:** If you sign in as a non-admin user to your Okta org from a browser, the End-User Dashboard appears. To access the End-User Dashboard from a mobile device, see [Okta End-User-Dashboard](https://help.okta.com/okta_help.htm?type=eu&id=ext_user_dashboard_overview). -1. Click the Okta tile for the integration and confirm that the user is signed in to your app. - - - -## Next steps - -After you test your SSO integration, communicate to your Okta org users about the custom app SSO capability. - -If you decide to publish your integration to the OIN later on: - -* Review the [Publish an OIN integration](/docs/guides/submit-app-overview/) overview to understand the submission process for publishing an integration. -* Review the [OIN submission requirements](/docs/guides/submit-app-prereq/) before starting the submission process. -* Use the [OIN Wizard: Submit an SSO integration](/docs/guides/submit-oin-app/saml2/main/) guide to test and submit your integration to the OIN. - -## See also - - diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md deleted file mode 100644 index 82f6972485f..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md +++ /dev/null 
@@ -1,7 +0,0 @@ -4. On the Create a new app integration page, select **OpenID Connect** in the **Sign-in method** section. -1. Choose either **Web Application** or **Single-Page Application** as the **Application type** for your integration. -1. Click **Next**. -1. In **General Settings**, enter a name for your integration and (optionally) upload a logo. -1. Add your **Sign-in redirect URIs** and optional **Sign-out redirect URIs**. These URIs must be absolute URIs, and you can specify more than one. -1. In **Assignments**, assign a group or leave the **Everyone** default. Be sure to verify that the users you want to have access are assigned to the group that you select. For instructions on how to assign the app integration to individual users and groups, see the [Assign app integrations](https://help.okta.com/okta_help.htm?id=ext_Apps_Apps_Page-assign) topic in the Okta product documentation. -1. Click **Save**. diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md deleted file mode 100644 index 142b3a8ab4d..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md +++ /dev/null @@ -1,4 +0,0 @@ -* [OAuth 2.0 vs. OpenID Connect](/docs/concepts/oauth-openid/#oauth-2-0-vs-openid-connect) -* [Okta Developer Forum: OIDC](https://devforum.okta.com/search?q=oidc) -* [Redirect authentication](/docs/guides/redirect-authentication/): for language and platform-specific redirect authentication guides -* [Embedded authentication](/docs/guides/embedded-authentication/): for language, platform-specific, and embedded-authentication use case guides \ No newline at end of file 
diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md deleted file mode 100644 index d64919c67f2..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md +++ /dev/null 
@@ -1,33 +0,0 @@ -### Specify OIDC settings - -* On the **General** tab, select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: - - * Web app: - * **Authorization Code** (mandatory for web platform applications) - * **Refresh token** (not supported for OIN app integrations) - * **Implicit (hybrid)** (optional) Click **Advanced** to select. - > **Note:** If you're using Classic Engine, select **Implicit (hybrid)** from the **Grant type** section. - * SPA: - * **Authorization Code** - * **Implicit (hybrid)** Click **Advanced** to select. - - > **Note:** For SPA app integrations, the **Authorization Code** grant type always uses PKCE to verify the client. Also, the **Client acting on behalf of itself** grant type isn't supported in OIN app integrations. - -* If you only want to support direct SSO to your application (the integration isn't launched from the Okta End-User Dashboard), then: - 1. Enter one or more **Sign-in redirect URIs** values where Okta sends the OAuth responses. - 1. Set the **Sign-in initiated by** dropdown box to **App Only**. - 1. Leave the remaining default values. - -* If you want to support launching your application from the Okta dashboard: - 1. Enter one or more **Sign-in redirect URIs** values where Okta sends the OAuth responses. - 2. (Optional) Enter the **Sign-out redirect URIs** where Okta redirects the browser after it receives the sign-out request from the relying party. Okta also terminates the user's session. See [Configure Single Logout in app integrations](https://help.okta.com/okta_help.htm?id=ext_Apps_Single_Logout) or the [`/logout` API endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/logoutCustomASWithPost). - 3. Change the **Login initiated by** field to **Either Okta or App** to give your integration an Okta tile. 
- >**Note:** When you select this option, an **App Embed Link** section appears at the bottom of the page. The URL that the user can use to sign in to the OIDC client from outside of Okta is provided. - 4. Select **Display application icon to users**. - 5. Select the **Login flow** option. For OIN app integrations, you must select **Redirect to app to initiate login (OIDC Compliant)**. - 6. Enter or change the URI used to initiate the sign-in request. - 7. Click **Save** to commit your changes. - -* If required, you can generate a new client secret. In the **Client Credentials** section, click **Edit**, then **Generate New Client Secret**. - -> **Note:** If you generate a new set of client credentials, update your app to include the new credentials for your SSO integration. diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md deleted file mode 100644 index 60122b2158f..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md +++ /dev/null 
@@ -1,14 +0,0 @@ -### Test Application-initiated sign-in flow - -1. Sign out of your administrator account in your development org and also sign out of your application. -1. Begin the sign-in process to your app, either through your app sign-on button or directly by pasting one of the **Sign-in redirect URIs** into your web browser address bar. Regardless of which method you choose, your browser must end up at the Okta-hosted sign-in page. -1. Sign in to your regular user account on the Okta-hosted sign-in page. -1. Confirm that Okta successfully redirects back into your application. - -### Troubleshoot issues - -If you run into issues with your sign-in process, you can try the following to troubleshoot the issues: - -* In the Admin Console of your Okta development org, go to **Reports** > **System Log** and examine any failure messages reported. -* Open the Admin Console in your web browser and examine any status messages related to your authentication request. The console errors have status codes in the 4XX range. Investigate and resolve any error messages generated by your sign-in request. -* Post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=oidc). From 454dc6ef1c9750cf1937e5924354f6d7d0a12957 Mon Sep 17 00:00:00 2001 
From: sophiajose-okta Date: Fri, 29 May 2026 12:14:37 +0530 Subject: [PATCH 11/28] delete private app --- .../add-private-app/main/saml2/create.md | 32 ------------------- .../add-private-app/main/saml2/see-also.md | 2 -- .../add-private-app/main/saml2/settings.md | 14 -------- .../guides/add-private-app/main/saml2/test.md | 6 ---- 4 files changed, 54 deletions(-) delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md deleted file mode 100644 index 6e62d91ea71..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md +++ /dev/null 
@@ -1,32 +0,0 @@ -4. Select **SAML 2.0** in the **Sign-in method** section. -1. Click **Next**. -1. On the **General Settings** tab, enter a name for your integration and optionally upload a logo. You can also choose to hide the integration from your end user's Okta dashboard or mobile app. Click **Next**. -1. On the **Configure SAML** tab, use the SAML information that you gathered when you built your integration. See [Create SAML app integrations](https://help.okta.com/okta_help.htm?id=ext_Apps_App_Integration_Wizard-saml) in the Okta product documentation. - * In the **Single sign on URL** field, enter the Assertion Consumer Service (ACS) URL. - * Enter the Audience URI into the **Audience URI (SP Entity ID)** field. - >**Note:** If you're just testing your setup using a sample SAML SP (such as this [SAML Service Provider on GitHub](https://github.com/mcguinness/saml-sp)), enter the following test URL into the **Single sign on URL** and **Audience URI (SP Entity ID)** fields: `http://example.com/saml/sso/example-okta-com` - * Choose the **Name ID format** and **Application username** that must be sent to your application in the SAML response (for example, `EmailAddress` and `Email`) or leave the defaults. - * In the **Attribute Statements (optional)** section, enter the SAML attributes to be shared with your application. - For example: - | Name (in SAML application) | Value (in Okta profile) | - | ----------------------- | ------------------------- | - | `FirstName` | `user.firstName` | - | `LastName` | `user.lastName` | - | `Email` | `user.email` | - * If your org uses groups to categorize users, fill in the **Group Attribute Statements (optional)** section to filter by group membership in your SAML assertion. For example: - * **Name** — `groups` - * **Filter** — `Matches regex` - * **Value** — `.*` - * Click **< > Preview the SAML Assertion** in section B to preview the generated SAML assertion. - * Click **Next**. -1. 
In the final creation step, the **Feedback** tab helps Okta to understand how you want to position this application. - * If you're only creating an internal (private) SAML integration: - 1. Select **I'm an Okta customer adding an internal app**. More checkboxes and fields appear. - * Select the **App type** if you don't want the integration released publicly. If you select this box, you don't need to enter any further information. - * Select the **Contact app vendor** checkbox if Okta needs to contact you to enable SAML for the integration. If you select this checkbox, you need to provide further general information about your integration to the Okta OIN team. - 1. Click **Finish**. - * If you're an independent software vendor (ISV) and plan to add the SAML integration to the OIN: - 1. Select **I'm a software vendor. I'd like to integrate my app with Okta**. - 1. Click **Finish**. - > **Note:** Selecting this option doesn't automatically make your integration available in the [OIN](https://www.okta.com/integrations/). After you test your integration, [submit it](/docs/guides/submit-oin-app/saml2/main/) to the OIN team for verification and publication. See the OIN [submission process](/docs/guides/submit-app-overview/#submission-process) overview. -1. Click **Finish**. diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md deleted file mode 100644 index e83237a3730..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md +++ /dev/null @@ -1,2 +0,0 @@ -* [Okta SAML FAQs](/docs/concepts/saml/faqs/) -* [Okta Developer Forum: SAML](https://devforum.okta.com/search?q=saml) diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md deleted file mode 100644 index baffd325d2b..00000000000 
--- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md +++ /dev/null @@ -1,14 +0,0 @@ -### Specify SAML settings - -* On the **General** tab, in the **Application** area, you can rename your integration and select visibility and launch options. You can also make any changes to the SAML settings if they changed from your original values. - -* On the **Sign On** tab, you can download the Identity Provider metadata for your integration. This information is needed to configure the SAML connection settings inside your SAML SP application: - 1. In the **Sign on methods** section, locate the **Metadata URL** link right before the **Credential Details** section. - 1. Click **Copy** next to the metadata URL. The metadata contained at this link has the information required by your SAML SP application. - - Okta recommends copying the **Metadata URL** link to dynamically configure the metadata. If your SP doesn't support dynamic configuration, you can click the **More details** dropdown menu to view and copy the specific properties: - * Sign-on URL - * Sign-out URL - * Issuer - * Signing Certificate - 1. In your SAML SP application, you can paste the link or the metadata as required to configure the IdP metadata. diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md deleted file mode 100644 index d59259f0834..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md +++ /dev/null @@ -1,6 +0,0 @@ -### Troubleshoot SAML issues - -If you run into issues with your sign-in process, you can try the following to troubleshoot the issues: - -* Install the [SAML Tracer extension to Firefox](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/) for testing, or similar tools for other browsers. -* Post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=saml). 
From fcfbed6ca54a5f6d2baf42d5a66f29574ad592e8 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Fri, 29 May 2026 12:20:41 +0530 Subject: [PATCH 12/28] deleting private app entry --- .../docs/guides/build-sso-integration/main/index.md | 2 +- packages/@okta/vuepress-site/docs/guides/index.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md index e5686041551..429d3e09324 100644 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md @@ -78,7 +78,7 @@ Having your SSO integration public in the OIN catalog provides you with exposure ### Add a private integration -If you want your integration to exist only in your Okta org, follow the instructions in [Add a private SSO integration](/docs/guides/add-private-app/). This guide shows you how to use the Application Integration Wizard (AIW) in the Admin Console to: +If you want your integration to exist only in your Okta org, follow the instructions in [Add a private SSO integration](/docs/guides/create-an-app-integration/). This guide shows you how to use the Application Integration Wizard (AIW) in the Admin Console to: * Create your app integration instance. * Test your SSO flows. diff --git a/packages/@okta/vuepress-site/docs/guides/index.md b/packages/@okta/vuepress-site/docs/guides/index.md index c7dbaf7e7d8..94f4abee418 100644 --- a/packages/@okta/vuepress-site/docs/guides/index.md +++ b/packages/@okta/vuepress-site/docs/guides/index.md @@ -96,7 +96,6 @@ guides: - submit-app-prereq - submit-oin-app - update-oin-app - - add-private-app - deployment-checklist - deploy-your-app - dpop From 2f8cb42bf7e4b05b3f6d6802e56d01e25a707a67 Mon Sep 17 00:00:00 2001 
From: sophiajose-okta Date: Fri, 29 May 2026 16:13:12 +0530 Subject: [PATCH 13/28] deleting private app for saml folder --- .../docs/guides/add-private-app/index.md | 9 -- .../docs/guides/add-private-app/main/index.md | 94 ------------------- .../main/openidconnect/create.md | 7 -- .../main/openidconnect/see-also.md | 4 - .../main/openidconnect/settings.md | 33 ------- .../main/openidconnect/test.md | 14 --- .../add-private-app/main/saml2/create.md | 32 ------- .../add-private-app/main/saml2/see-also.md | 2 - .../add-private-app/main/saml2/settings.md | 14 --- .../guides/add-private-app/main/saml2/test.md | 6 -- .../build-sso-integration/main/index.md | 2 +- .../@okta/vuepress-site/docs/guides/index.md | 1 - 12 files changed, 1 insertion(+), 217 deletions(-) delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/index.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/index.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/index.md deleted file mode 100644 index 13b3e1b88f9..00000000000 
--- a/packages/@okta/vuepress-site/docs/guides/add-private-app/index.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -title: Add a private SSO integration -meta: - - name: description - content: Learn how to add a private SSO app integration to your Okta org -layout: Guides -sections: - - main ---- diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md deleted file mode 100644 index 7db847b06f8..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md +++ /dev/null 
@@ -1,94 +0,0 @@ ---- -title: Add a private SSO integration -meta: - - name: description - content: Learn how to add a private SSO app integration to your Okta org -layout: Guides ---- - -Use this guide to add a private, custom Single Sign-On (SSO) OpenID Connect (OIDC) or SAML 2.0 integration to your Okta org. Only the users of the org where you install the private integration can use it. This guide also shows you how to test the private integration in your org. - ---- - -#### Learning outcomes - -* Learn how to add a private SSO integration to your Okta org -* Learn how to test your SSO integration in your Okta org - -#### What you need - -* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) guide -* An Okta org (such as an [Okta Integrator Free Plan org](https://developer.okta.com/signup)) - ---- - -## Overview - -To integrate your app for Single Sign-On (SSO) with Okta, you need to first develop your app SSO integration. Then, you need to register your app with an Okta org before you can test it. - -Registration involves creating an app integration instance in your Okta org to provide you with the SSO credentials or metadata for your app authentication requests. This integration is considered private because it's only available in the org from where the app integration instance was created. - -> **Note:** An app integration is considered public if it's available in the [Okta Integration Network (OIN) catalog](https://www.okta.com/integrations/) for all Okta customers. - -This guide assumes that you've developed your app SSO integration and want to add it to your Okta org. The instructions in this guide are generic for two SSO standards: - -* **OpenID Connect (OIDC)** (preferred) -* **Security Assertion Markup Language (SAML)** - -> **Note:** Private integrations aren't restricted to the [OIN limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). 
You can implement the Okta features that are available on your specific Okta org. - -## Create your private integration in Okta - -After you build your app SSO integration, use the Application Integration Wizard (AIW) in the Admin Console to create your app integration instance. This instance provides you with client credentials or metadata for your SSO flows. - -> **Note:** As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future. - -1. Sign in to your Integrator Free Plan org as a user with administrative privileges. -1. Go to **Applications** > **Applications** in the Admin Console. -1. Click **Create App Integration**. - - - -## Specify your integration settings - -After you create your integration instance, the main settings page appears for your new integration in the Admin Console. Specify **General Settings** and **Sign On** options, and assign the integration to users in your org. Click **Edit** if you need to change any of the options, and **Save** when you finish. - - - -## Test your integration - -This portion of the guide takes you through the steps required to test your integration. - -### Assign users - -First, you must assign your integration to one or more test users in your org: - -1. Click the **Assignments** tab. -1. Click **Assign** and then select either **Assign to People** or **Assign to Groups**. -1. Enter the appropriate people or groups that you want to have Single Sign-On into your application, and then click **Assign** for each. -1. Verify the user-specific attributes for any people that you add, and then select **Save and Go Back**. -1. Click **Done**. - -### Test Single Sign-On - -1. Sign out of your Okta org by clicking **Sign out** in the upper-right corner of the Admin Console. -1. Sign in to the Okta End-User Dashboard as a regular user assigned to the integration. 
- - > **Note:** If you sign in as a non-admin user to your Okta org from a browser, the End-User Dashboard appears. To access the End-User Dashboard from a mobile device, see [Okta End-User-Dashboard](https://help.okta.com/okta_help.htm?type=eu&id=ext_user_dashboard_overview). -1. Click the Okta tile for the integration and confirm that the user is signed in to your app. - - - -## Next steps - -After you test your SSO integration, communicate to your Okta org users about the custom app SSO capability. - -If you decide to publish your integration to the OIN later on: - -* Review the [Publish an OIN integration](/docs/guides/submit-app-overview/) overview to understand the submission process for publishing an integration. -* Review the [OIN submission requirements](/docs/guides/submit-app-prereq/) before starting the submission process. -* Use the [OIN Wizard: Submit an SSO integration](/docs/guides/submit-oin-app/saml2/main/) guide to test and submit your integration to the OIN. - -## See also - - diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md deleted file mode 100644 index 82f6972485f..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/create.md +++ /dev/null 
@@ -1,7 +0,0 @@
-4. On the Create a new app integration page, select **OpenID Connect** in the **Sign-in method** section.
-1. Choose either **Web Application** or **Single-Page Application** as the **Application type** for your integration.
-1. Click **Next**.
-1. In **General Settings**, enter a name for your integration and (optionally) upload a logo.
-1. Add your **Sign-in redirect URIs** and optional **Sign-out redirect URIs**. These URIs must be absolute URIs, and you can specify more than one.
-1. In **Assignments**, assign a group or leave the **Everyone** default. Be sure to verify that the users you want to have access are assigned to the group that you select. For instructions on how to assign the app integration to individual users and groups, see the [Assign app integrations](https://help.okta.com/okta_help.htm?id=ext_Apps_Apps_Page-assign) topic in the Okta product documentation.
-1. Click **Save**.
diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md
deleted file mode 100644
index 142b3a8ab4d..00000000000
--- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/see-also.md
+++ /dev/null
@@ -1,4 +0,0 @@
-* [OAuth 2.0 vs. OpenID Connect](/docs/concepts/oauth-openid/#oauth-2-0-vs-openid-connect)
-* [Okta Developer Forum: OIDC](https://devforum.okta.com/search?q=oidc)
-* [Redirect authentication](/docs/guides/redirect-authentication/): for language and platform-specific redirect authentication guides
-* [Embedded authentication](/docs/guides/embedded-authentication/): for language, platform-specific, and embedded-authentication use case guides
\ No newline at end of file
diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md deleted file mode 100644 index d64919c67f2..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/settings.md +++ /dev/null 
@@ -1,33 +0,0 @@ -### Specify OIDC settings - -* On the **General** tab, select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: - - * Web app: - * **Authorization Code** (mandatory for web platform applications) - * **Refresh token** (not supported for OIN app integrations) - * **Implicit (hybrid)** (optional) Click **Advanced** to select. - > **Note:** If you're using Classic Engine, select **Implicit (hybrid)** from the **Grant type** section. - * SPA: - * **Authorization Code** - * **Implicit (hybrid)** Click **Advanced** to select. - - > **Note:** For SPA app integrations, the **Authorization Code** grant type always uses PKCE to verify the client. Also, the **Client acting on behalf of itself** grant type isn't supported in OIN app integrations. - -* If you only want to support direct SSO to your application (the integration isn't launched from the Okta End-User Dashboard), then: - 1. Enter one or more **Sign-in redirect URIs** values where Okta sends the OAuth responses. - 1. Set the **Sign-in initiated by** dropdown box to **App Only**. - 1. Leave the remaining default values. - -* If you want to support launching your application from the Okta dashboard: - 1. Enter one or more **Sign-in redirect URIs** values where Okta sends the OAuth responses. - 2. (Optional) Enter the **Sign-out redirect URIs** where Okta redirects the browser after it receives the sign-out request from the relying party. Okta also terminates the user's session. See [Configure Single Logout in app integrations](https://help.okta.com/okta_help.htm?id=ext_Apps_Single_Logout) or the [`/logout` API endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/logoutCustomASWithPost). - 3. Change the **Login initiated by** field to **Either Okta or App** to give your integration an Okta tile. 
- >**Note:** When you select this option, an **App Embed Link** section appears at the bottom of the page. The URL that the user can use to sign in to the OIDC client from outside of Okta is provided. - 4. Select **Display application icon to users**. - 5. Select the **Login flow** option. For OIN app integrations, you must select **Redirect to app to initiate login (OIDC Compliant)**. - 6. Enter or change the URI used to initiate the sign-in request. - 7. Click **Save** to commit your changes. - -* If required, you can generate a new client secret. In the **Client Credentials** section, click **Edit**, then **Generate New Client Secret**. - -> **Note:** If you generate a new set of client credentials, update your app to include the new credentials for your SSO integration. diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md deleted file mode 100644 index 60122b2158f..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/openidconnect/test.md +++ /dev/null 
@@ -1,14 +0,0 @@
-### Test Application-initiated sign-in flow
-
-1. Sign out of your administrator account in your development org and also sign out of your application.
-1. Begin the sign-in process to your app, either through your app sign-on button or directly by pasting one of the **Sign-in redirect URIs** into your web browser address bar. Regardless of which method you choose, your browser must end up at the Okta-hosted sign-in page.
-1. Sign in to your regular user account on the Okta-hosted sign-in page.
-1. Confirm that Okta successfully redirects back into your application.
-
-### Troubleshoot issues
-
-If you run into issues with your sign-in process, you can try the following to troubleshoot the issues:
-
-* In the Admin Console of your Okta development org, go to **Reports** > **System Log** and examine any failure messages reported.
-* Open the Admin Console in your web browser and examine any status messages related to your authentication request. The console errors have status codes in the 4XX range. Investigate and resolve any error messages generated by your sign-in request.
-* Post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=oidc).
diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md
deleted file mode 100644
index 6e62d91ea71..00000000000
--- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/create.md
+++ /dev/null
@@ -1,32 +0,0 @@ -4. Select **SAML 2.0** in the **Sign-in method** section. -1. Click **Next**. -1. On the **General Settings** tab, enter a name for your integration and optionally upload a logo. You can also choose to hide the integration from your end user's Okta dashboard or mobile app. Click **Next**. -1. On the **Configure SAML** tab, use the SAML information that you gathered when you built your integration. See [Create SAML app integrations](https://help.okta.com/okta_help.htm?id=ext_Apps_App_Integration_Wizard-saml) in the Okta product documentation. - * In the **Single sign on URL** field, enter the Assertion Consumer Service (ACS) URL. - * Enter the Audience URI into the **Audience URI (SP Entity ID)** field. - >**Note:** If you're just testing your setup using a sample SAML SP (such as this [SAML Service Provider on GitHub](https://github.com/mcguinness/saml-sp)), enter the following test URL into the **Single sign on URL** and **Audience URI (SP Entity ID)** fields: `http://example.com/saml/sso/example-okta-com` - * Choose the **Name ID format** and **Application username** that must be sent to your application in the SAML response (for example, `EmailAddress` and `Email`) or leave the defaults. - * In the **Attribute Statements (optional)** section, enter the SAML attributes to be shared with your application. - For example: - | Name (in SAML application) | Value (in Okta profile) | - | ----------------------- | ------------------------- | - | `FirstName` | `user.firstName` | - | `LastName` | `user.lastName` | - | `Email` | `user.email` | - * If your org uses groups to categorize users, fill in the **Group Attribute Statements (optional)** section to filter by group membership in your SAML assertion. For example: - * **Name** — `groups` - * **Filter** — `Matches regex` - * **Value** — `.*` - * Click **< > Preview the SAML Assertion** in section B to preview the generated SAML assertion. - * Click **Next**. -1. 
In the final creation step, the **Feedback** tab helps Okta to understand how you want to position this application. - * If you're only creating an internal (private) SAML integration: - 1. Select **I'm an Okta customer adding an internal app**. More checkboxes and fields appear. - * Select the **App type** if you don't want the integration released publicly. If you select this box, you don't need to enter any further information. - * Select the **Contact app vendor** checkbox if Okta needs to contact you to enable SAML for the integration. If you select this checkbox, you need to provide further general information about your integration to the Okta OIN team. - 1. Click **Finish**. - * If you're an independent software vendor (ISV) and plan to add the SAML integration to the OIN: - 1. Select **I'm a software vendor. I'd like to integrate my app with Okta**. - 1. Click **Finish**. - > **Note:** Selecting this option doesn't automatically make your integration available in the [OIN](https://www.okta.com/integrations/). After you test your integration, [submit it](/docs/guides/submit-oin-app/saml2/main/) to the OIN team for verification and publication. See the OIN [submission process](/docs/guides/submit-app-overview/#submission-process) overview. -1. Click **Finish**. diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md deleted file mode 100644 index e83237a3730..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/see-also.md +++ /dev/null @@ -1,2 +0,0 @@ -* [Okta SAML FAQs](/docs/concepts/saml/faqs/) -* [Okta Developer Forum: SAML](https://devforum.okta.com/search?q=saml) diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md deleted file mode 100644 index baffd325d2b..00000000000 
--- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/settings.md +++ /dev/null @@ -1,14 +0,0 @@ -### Specify SAML settings - -* On the **General** tab, in the **Application** area, you can rename your integration and select visibility and launch options. You can also make any changes to the SAML settings if they changed from your original values. - -* On the **Sign On** tab, you can download the Identity Provider metadata for your integration. This information is needed to configure the SAML connection settings inside your SAML SP application: - 1. In the **Sign on methods** section, locate the **Metadata URL** link right before the **Credential Details** section. - 1. Click **Copy** next to the metadata URL. The metadata contained at this link has the information required by your SAML SP application. - - Okta recommends copying the **Metadata URL** link to dynamically configure the metadata. If your SP doesn't support dynamic configuration, you can click the **More details** dropdown menu to view and copy the specific properties: - * Sign-on URL - * Sign-out URL - * Issuer - * Signing Certificate - 1. In your SAML SP application, you can paste the link or the metadata as required to configure the IdP metadata. diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md deleted file mode 100644 index d59259f0834..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/saml2/test.md +++ /dev/null @@ -1,6 +0,0 @@ -### Troubleshoot SAML issues - -If you run into issues with your sign-in process, you can try the following to troubleshoot the issues: - -* Install the [SAML Tracer extension to Firefox](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/) for testing, or similar tools for other browsers. -* Post your questions on the [Okta Developer Forum](https://devforum.okta.com/search?q=saml). 
diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md index e5686041551..f8eac49aa47 100644 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md @@ -78,7 +78,7 @@ Having your SSO integration public in the OIN catalog provides you with exposure ### Add a private integration -If you want your integration to exist only in your Okta org, follow the instructions in [Add a private SSO integration](/docs/guides/add-private-app/). This guide shows you how to use the Application Integration Wizard (AIW) in the Admin Console to: +If you want your integration to exist only in your Okta org, follow the instructions in [Add a private SSO integration](/docs/guides/create-an-app-integration). This guide shows you how to use the Application Integration Wizard (AIW) in the Admin Console to: * Create your app integration instance. * Test your SSO flows. diff --git a/packages/@okta/vuepress-site/docs/guides/index.md b/packages/@okta/vuepress-site/docs/guides/index.md index c7dbaf7e7d8..94f4abee418 100644 --- a/packages/@okta/vuepress-site/docs/guides/index.md +++ b/packages/@okta/vuepress-site/docs/guides/index.md @@ -96,7 +96,6 @@ guides: - submit-app-prereq - submit-oin-app - update-oin-app - - add-private-app - deployment-checklist - deploy-your-app - dpop From 52e46e0a6be079819fb4095fff3747a380d36ed4 Mon Sep 17 00:00:00 2001 
From: sophiajose-okta Date: Fri, 29 May 2026 16:38:35 +0530 Subject: [PATCH 14/28] deleting integration file --- .../create-an-app-integration/main/openidconnect/integration.md | 0 .../guides/create-an-app-integration/main/saml2/integration.md | 0 .../guides/create-an-app-integration/main/scim/integration.md | 1 - .../guides/create-an-app-integration/main/swa/integration.md | 0 4 files changed, 1 deletion(-) delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md deleted file mode 100644 index 8b137891791..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md +++ /dev/null @@ -1 +0,0 @@ - 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md deleted file mode 100644 index e69de29bb2d..00000000000 From cdb7d05779f183c9b284564a502a13f28611c2b0 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Fri, 29 May 2026 18:29:24 +0530 Subject: [PATCH 15/28] snippet modification --- .../create-an-app-integration/main/index.md | 10 +--- .../main/openidconnect/integration.md | 1 - .../main/openidconnect/protocol-config.md | 47 +++++++++++-------- .../main/saml2/integration.md | 1 - .../main/saml2/protocol-config.md | 1 + .../main/scim/integration.md | 1 - .../main/scim/protocol-config.md | 7 ++- .../main/swa/integration.md | 1 - .../main/swa/protocol-config.md | 11 +++-- 9 files changed, 44 insertions(+), 36 deletions(-) delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index e54f6a724ba..30ece1e67da 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md 
@@ -99,16 +99,10 @@ You can add an app integration that doesn't exist in the OIN, using the App Inte 1. Go to **Applications > Applications**. 1. Click **Create App Integration**. 1. Select the required integration type in the **Sign in Method** section. -1. Choose either **Web Application** or **Single-Page Application** as the **Application type** for your integration and click **Next**. -1. Configure the following integration settings on the **General Settings** tab: - + -1. Click **Save**. - - >**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. If you need to generate a new client secret under **Client Credentials**, remember to update your app with the new credentials to prevent downtime. To make your app publicly available later, see [Publish an OIN integration](https://developer.okta.com/docs/guides/submit-app-overview/). - -1. To build and finalize your implementation settings details, see +>**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). ### Create an API Service Integration diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md deleted file mode 100644 index 36e296302bc..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/integration.md +++ /dev/null 
@@ -1 +0,0 @@ -[Create OpenID Connect app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-oidc) \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md index 346b205a624..145d6b83a10 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md 
@@ -1,26 +1,33 @@ -* **App integration name** - Enter a name for your integration and (optionally) upload a logo. +5. Choose either **Web Application** or **Single-Page Application** as the **Application type** for your integration and click **Next**. +6. Configure the following integration settings on the **General Settings** tab: -* **Grant types** - Select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: - - **Web app:** - - **Authorization Code** (mandatory for web platform applications) - - **Refresh token** (not supported for OIN app integrations) - - **Implicit (hybrid)** (optional) — click **Advanced** to select. - - >**Note:** If you're using Classic Engine, select **Implicit (hybrid)** from the **Grant type** section. + * **App integration name** - Enter a name for your integration and (optionally) upload a logo. - - **SPA:** - - **Authorization Code** - - **Implicit (hybrid)** — Click **Advanced** to select. - - >**Note:** For SPA app integrations, the **Authorization Code** grant type always uses PKCE to verify the client. Also, the **Client acting on behalf of itself** grant type isn't supported in OIN app integrations. + * **Grant types** - Select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: + - **Web app:** + - **Authorization Code** (mandatory for web platform applications) + - **Refresh token** (not supported for OIN app integrations) + - **Implicit (hybrid)** (optional) — click **Advanced** to select. + + >**Note:** If you're using Classic Engine, select **Implicit (hybrid)** from the **Grant type** section. -* **Sign-in redirect URIs** - Enter the absolute URIs where Okta sends OAuth responses. You can specify more than one. + - **SPA:** + - **Authorization Code** + - **Implicit (hybrid)** — Click **Advanced** to select. + + >**Note:** For SPA app integrations, the **Authorization Code** grant type always uses PKCE to verify the client. 
Also, the **Client acting on behalf of itself** grant type isn't supported in OIN app integrations. -* **Sign-out redirect URIs (Optional)** - Enter the URIs where Okta redirects users after sign-out. + * **Sign-in redirect URIs** - Enter the absolute URIs where Okta sends OAuth responses. You can specify more than one. -* **Login initiation** - Configure the settings based on your sign-in initiation flow to determine how the integration appears as a tile on the Okta End-User Dashboard: - - If you only support direct SSO from your app, set **Login initiated by to App Only**. - - If you want a dashboard tile, set **Login initiated by to Either Okta or App**. This reveals the **App Embed Link** and allows you to select **Display application icon to users**. - - Set the **Login flow to Redirect to app to initiate login (OIDC compliant)** and provide the URI used to initiate the request. + * **Sign-out redirect URIs (Optional)** - Enter the URIs where Okta redirects users after sign-out. + + * **Login initiation** - Configure the settings based on your sign-in initiation flow to determine how the integration appears as a tile on the Okta End-User Dashboard: + - If you only support direct SSO from your app, set **Login initiated by to App Only**. + - If you want a dashboard tile, set **Login initiated by to Either Okta or App**. This reveals the **App Embed Link** and allows you to select **Display application icon to users**. + - Set the **Login flow to Redirect to app to initiate login (OIDC compliant)** and provide the URI used to initiate the request. + + * **Assignments** - Assign a group or leave the **Everyone** default. Ensure that the intended users are assigned to the selected group. +7. Click **Save**. + +8. 
To build and finalize your implementation settings details, see [Create OpenID Connect app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-oidc) -* **Assignments** - Assign a group or leave the **Everyone** default. Ensure that the intended users are assigned to the selected group. \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md deleted file mode 100644 index 9f4e2382aa4..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/integration.md +++ /dev/null @@ -1 +0,0 @@ -[Create SAML app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-saml) \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md index 49a2f9c9966..6960d2f9042 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md @@ -4,3 +4,4 @@ * Name ID format and attribute statement * Signed SAML assertions See [Application Integration Wizard SAML field reference](https://help.okta.com/okta_help.htm?type=oie&id=csh-attribute-statements-saml) for details. + diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md deleted file mode 100644 index 93ad4398297..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/integration.md +++ /dev/null 
@@ -1 +0,0 @@ -[Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md index c0b2b741c4c..1561ac4ab02 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md @@ -1 +1,6 @@ -Create an SSO integration that supports SCIM. See [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim). \ No newline at end of file +5. Ensure that you have the following integration settings ready: + + Create an SSO integration that supports SCIM. See [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim). + +6. To build and finalize your implementation settings details, see:[Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim) + diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md deleted file mode 100644 index 452779f04d9..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/integration.md +++ /dev/null @@ -1 +0,0 @@ -[Create SWA app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-swa) \ No newline at end of file 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md index 0bfcf7b4340..33d380a6811 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/swa/protocol-config.md @@ -1,3 +1,8 @@ -* App name -* App’s login page URL -* Credential settings \ No newline at end of file +5. Ensure that you have the following integration settings ready: + + * App name + * App’s login page URL + * Credential settings + +6. To build and finalize your implementation settings details, see: [Create SWA app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-swa) + From 930f010e651237788dfd0c59b52ac9bdd4708601 Mon Sep 17 00:00:00 2001 From: brentschaus-okta Date: Fri, 29 May 2026 09:56:16 -0400 Subject: [PATCH 16/28] refactoring changes --- packages/@okta/vuepress-site/conductor.yml | 52 ++++----- .../vuepress-site/docs/concepts/saml/index.md | 2 +- .../build-sso-integration/main/index.md | 103 ------------------ .../build-sso-integration/main/saml2/prep.md | 32 ------ .../main/saml2/see-also.md | 1 - .../main/saml2/protocol-config.md | 23 +++- .../main/saml2/see-also.md | 4 +- .../guides/custom-url-domain/main/index.md | 2 +- .../docs/guides/oin-sso-overview/index.md | 4 +- .../docs/guides/saml-tracer/main/index.md | 4 +- .../guides/updating-saml-cert/main/index.md | 2 +- .../docs/release-notes/2021/index.md | 2 +- 12 files changed, 58 insertions(+), 173 deletions(-) delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md 
diff --git a/packages/@okta/vuepress-site/conductor.yml b/packages/@okta/vuepress-site/conductor.yml
index 1cdaf440276..5e9074d8532 100644
--- a/packages/@okta/vuepress-site/conductor.yml
+++ b/packages/@okta/vuepress-site/conductor.yml
@@ -244,13 +244,13 @@ redirects:
 - from: /docs/guides/saml_guidance.html
 to: /standards/SAML/
 - from: /docs/guides/setting_up_a_saml_application_in_okta
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/setting_up_a_saml_application_in_okta.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/examples/configuring_a_saml_application_in_okta
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/examples/configuring_a_saml_application_in_okta.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /standards/SCIM/index.html
 to: /docs/concepts/scim/
 - from: /docs/reference/api/resource-server-beta/index.html
@@ -278,7 +278,7 @@ redirects:
 - from: /use_cases/integrate_with_okta/provisioning/index.html
 to: /docs/guides/scim-provisioning-integration-overview/
 - from: /use_cases/integrate_with_okta/sso-with-saml/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /use_cases/isv/embedded-occ/index.html
 to: https://www.okta.com/integrate/documentation/embedded-okta-cloud-connect/
 - from: /use_cases/isv/isv-syslog-references/index.html
@@ -462,7 +462,7 @@ redirects:
 - from: /docs/how-to/updating_saml_cert/index.html
 to: /docs/guides/updating-saml-cert/
 - from: /standards/SAML/setting_up_a_saml_application_in_okta/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /standards/SAML/saml_tracer/index.html
 to: /docs/guides/saml-tracer/
 - from: /authentication-guide/implementing-authentication/set-up-authz-server/index.html
@@ -792,7 +792,7 @@ redirects:
 - from: /docs/how-to/updating_saml_cert
 to: /docs/guides/updating-saml-cert/
 - from: /standards/SAML/setting_up_a_saml_application_in_okta
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /standards/SAML/saml_tracer
 to: /docs/guides/saml-tracer/
 - from: /authentication-guide/implementing-authentication/set-up-authz-server.html
@@ -1066,7 +1066,7 @@ redirects:
 - from: /guides/revoke-tokens/-/overview/index.html
 to: /docs/guides/revoke-tokens/-/overview/
 - from: /guides/saml-application-setup/-/overview/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /guides/sharing-cert/-/generate-new-credential/index.html
 to: /docs/guides/sharing-cert/main/#generate-a-new-credential-for-the-source-app
 - from: /guides/sharing-cert/-/overview/index.html
@@ -1326,7 +1326,7 @@ redirects:
 - from: /guides/revoke-tokens/index.html
 to: /docs/guides/revoke-tokens/
 - from: /guides/saml-application-setup/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /guides/session-cookie/index.html
 to: /docs/guides/session-cookie/
 - from: /guides/sharing-cert/index.html
@@ -1872,19 +1872,19 @@ redirects:
 - from: /docs/guides/build-sso-integration/oidc/before-you-begin/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/
 - from: /docs/guides/build-sso-integration/saml/before-you-begin/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/build-sso-integration/oidc/create-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/
 - from: /docs/guides/build-sso-integration/saml/create-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/build-sso-integration/oidc/submit-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/#next-steps
 - from: /docs/guides/build-sso-integration/saml2/submit-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/#next-steps
+ to: /docs/guides/create-an-app-integration/saml2/main/#next-steps
 - from: /docs/guides/build-sso-integration/oidc/test-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/
 - from: /docs/guides/build-sso-integration/saml/test-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/submit-app/prepare-for-submission/index.html
 to: /docs/guides/submit-app-prereq/
 - from: /docs/guides/submit-app/submit/index.html
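Review bot: The unchanged `oidc/...` entries in this hunk still redirect to `/docs/guides/build-sso-integration/openidconnect/main/`, while the same patch deletes `build-sso-integration/main/index.md`, so those redirects appear to land on a guide that no longer exists. The SAML entries were retargeted, and the OpenID Connect ones likely need the parallel change, presumably `to: /docs/guides/create-an-app-integration/openidconnect/main/` (confirm the route). The same applies to the openidconnect entries and the bare `/docs/guides/build-sso-integration/` target in the hunks at 1896 and 4174. It is also worth confirming that `#next-steps` exists on the new page and that the old `/docs/guides/build-sso-integration/saml2/main/` URL itself gets a redirect; neither is visible here.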
@@ -1896,7 +1896,7 @@ redirects:
 - from: /docs/guides/build-sso-integration/openidconnect/submit-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/#next-steps
 - from: /docs/guides/build-sso-integration/saml2/submit-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/#next-steps
+ to: /docs/guides/create-an-app-integration/saml2/main/#next-steps
 - from: /docs/guides/build-provisioning-integration/prepare-guide/index.html
 to: /docs/guides/scim-provisioning-integration-test/main/#next-steps
 - from: /docs/api/resources/oidc.html/index.html
@@ -4174,29 +4174,29 @@ redirects: - from: /docs/guides/build-sso-integration/-/next-steps/index.html to: /docs/guides/build-sso-integration/ - from: /docs/guides/build-sso-integration/saml2/overview - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/before-you-begin - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/create-your-app - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/specify-your-settings - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/test-your-app - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/next-steps - to: /docs/guides/build-sso-integration/saml2/main/#next-steps + to: /docs/guides/create-an-app-integration/saml2/main/#next-steps - from: /docs/guides/build-sso-integration/saml2/overview/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/before-you-begin/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/create-your-app/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/specify-your-settings/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: 
/docs/guides/build-sso-integration/saml2/test-your-app/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/next-steps/index.html - to: /docs/guides/build-sso-integration/saml2/main/#next-steps + to: /docs/guides/create-an-app-integration/saml2/main/#next-steps - from: /docs/guides/build-sso-integration/openidconnect/overview to: /docs/guides/build-sso-integration/openidconnect/main/ - from: /docs/guides/build-sso-integration/openidconnect/before-you-begin diff --git a/packages/@okta/vuepress-site/docs/concepts/saml/index.md b/packages/@okta/vuepress-site/docs/concepts/saml/index.md index 7c19f0340a7..b69fb7d3049 100644 --- a/packages/@okta/vuepress-site/docs/concepts/saml/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/saml/index.md @@ -175,4 +175,4 @@ This is important when you want to SAML-enable all users in your app. Sometimes, ### SAML toolkits -- [Use SAML toolkits](https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/#use-saml-toolkits) +- [Use SAML toolkits](https://developer.okta.com/docs/guides/create-an-app-integration/saml2/main/#use-saml-toolkits) diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md deleted file mode 100644 index e5686041551..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -title: Build a Single Sign-On (SSO) integration -excerpt: Create an app integration using Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). -meta: - - name: description - content: Use this guide to learn how to integrate federated Single Sign-On with Okta for your app. -layout: Guides ---- - -This guide teaches you how to integrate your federated SSO application with Okta. This guide assumes that you intend to make this app integration public by publishing it in the Okta Integration Network (OIN). - ---- - -#### Learning outcome - -Create and test an SSO app integration for OIN submission. - -#### What you need - -* [Okta Integrator Free Plan org](https://developer.okta.com/signup/) -* An app to integrate SSO with Okta - ---- - -## Overview - -Single Sign-On (SSO) is an authentication method that enables end users to sign in to multiple applications (apps) with one set of credentials. If you have customers that use Okta as an Identity Provider, you want to publish your SSO app integration to the OIN. By having your integration in the OIN catalog, your customers can easily configure SSO for your app. See [Overview of Single Sign-On in the OIN](/docs/guides/oin-sso-overview) for all the benefits of having your integration in the OIN catalog. - -To create an SSO integration for the OIN, first sign up for a free [Integrator Free Plan org](https://developer.okta.com/signup/). Next, select the type of SSO protocol that you want to implement. Okta supports two SSO standards for your integration: - -* **OpenID Connect (OIDC)** (preferred) -* **Security Assertion Markup Language (SAML)** - -Okta recommends using OIDC for new SSO integrations. - -> **Note:** Not all Okta SSO features are supported in the OIN. See [OIN limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). - -### Deployment models - -After you've decided on a protocol, select a deployment model. 
Okta offers [redirect](/docs/concepts/redirect-vs-embedded/#redirect-authentication) or [embedded](/docs/concepts/redirect-vs-embedded/#embedded-authentication) authentication deploy models. Redirect authentication uses the [Okta Sign-In Widget](https://github.com/okta/okta-signin-widget#okta-sign-in-widget) and is the easiest, most secure way to integrate with Okta. - -Okta recommends the redirect authentication deployment model if your situation meets the [requirements](/docs/concepts/redirect-vs-embedded/#redirect-okta-hosted-vs-embedded-self-hosted). For more information on deployment models, see [Okta deployment models—redirect vs. embedded](/docs/concepts/redirect-vs-embedded/). - -## Build your integration - - - -## Create your integration in Okta - -> **Note**: This section assumes that you already built the SSO integration in your app. - -Instructions for adding your SSO integration into Okta depend on if you want to provide a public or private integration: - -
- -![Public or private integration decision](/img/oin/publicOrPrivateIntegration.png) - -
- - - -### Submit an OIN integration - -If you want to publish your integration in the Okta Integration Network (OIN), follow the instructions in [OIN Wizard: Submit an SSO integration](/docs/guides/submit-oin-app/). This guide shows you how to use the OIN Wizard to: - -* Add required integration artifacts and metadata. -* Create an app integration instance for testing. -* Test your SSO flows. -* Submit your integration for OIN verification. - -Having your SSO integration public in the OIN catalog provides you with exposure to all Okta customers. - -> **Notes:** -> * Creating an app integration instance doesn't automatically make it available in the [OIN](https://www.okta.com/integrations/). After you test your integration, [submit it](/docs/guides/submit-oin-app/-/main/#submit-your-integration) to the OIN team for verification and publication. -> * The OIN Wizard doesn't support new SSO integrations with more than three app instance variables or advanced SAML features. - -### Add a private integration - -If you want your integration to exist only in your Okta org, follow the instructions in [Add a private SSO integration](/docs/guides/add-private-app/). This guide shows you how to use the Application Integration Wizard (AIW) in the Admin Console to: - -* Create your app integration instance. -* Test your SSO flows. - -Your org users can access your app after SSO is configured. - -The following are common use cases for adding a private SSO integration: - -* I want to test my SSO integration in my Integrator Free Plan org. I have no immediate plans to have it publicly available. -* I want my SSO integration to only be available in the org I'm using. -* I have a SAML integration with more than three instance variables and advanced SAML features that aren't included in the OIN Wizard. 
- -## Next steps - -If you want to publish your integration, start the submission process to have your SSO integration included in the OIN: - -* Review the [Publish an OIN integration](/docs/guides/submit-app-overview/) overview to understand the submission process for publishing an integration. -* Follow the [OIN Wizard: Submit an SSO integration](/docs/guides/submit-oin-app/) guide to submit your SSO integration. - -## See also - - diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md deleted file mode 100644 index 75ee3a08a02..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md +++ /dev/null 
@@ -1,32 +0,0 @@ -If you're unfamiliar with [SAML 2.0](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html), review the following Okta topics first: - -* [SAML concept](/docs/concepts/saml/) -* [Okta SAML FAQs](/docs/concepts/saml/faqs/) - -### Use SAML toolkits - -To quickly build your SSO integration, use an open source or paid tool kit to implement SAML 2.0. Use these different language kits to create the Service Provider WebSSO profile: - -* .NET framework 4.5 or later: [Sustainsys.Saml2](https://github.com/Sustainsys/Saml2) (Kentor authentication services) -* .NET framework 4.0 or earlier: [ComponentSpace SAML 2.0 for ASP.NET and ASP.NET Core](https://www.componentspace.com/) (paid software) -* Java: [OpenSAML](https://wiki.shibboleth.net/confluence/display/OS30/Home) (part of the [Shibboleth Development Project](https://www.shibboleth.net/)) -* Java: [Spring Security SAML](/code/java/spring_security_saml) -* Python: [PySAML2](/code/python/pysaml2) -* Ruby: [Ruby-SAML](https://github.com/onelogin/ruby-saml) - ->**Note:** Okta doesn't own or maintain these toolkits. - -### Gather SAML attributes - -Obtain SAML integration attributes before you create an app integration instance in Okta. - -In a SAML integration, Okta is the Identity Provider (IdP), and your app is the Service Provider (SP). - -1. Determine the default assertion consumer service (ACS) URL for your integration. This is often referred to as the SP sign-in URL. This is the endpoint on your app where the SAML responses are posted. -1. Find your audience URI. This is sometimes referred to as the SP entity ID or the entity ID of your app. -1. Set up a default relay state page, where users land after they successfully sign in to the SP using SAML. This must be a valid URL. (Optional) -1. Gather any required SAML attributes that are relevant to the target app. You can share Okta user profile values or group memberships as SAML attributes with your app. 
- ->**Notes:** Okta doesn't impose a limit on the number of attributes that you can include in a SAML assertion. However, the target app or browser may have issues or even reject large SAML payloads. Okta recommends that you keep the number of attributes to a minimum and include only those necessary for the app. -> ->SAML integrations must use SHA256 encryption for security. If you're using SHA-1 for encryption, see our guide on how to [Upgrade SAML Apps to SHA256](/docs/guides/updating-saml-cert/). diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md deleted file mode 100644 index 8d7441b0255..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md +++ /dev/null @@ -1 +0,0 @@ -[Okta Developer Forum: SAML](https://devforum.okta.com/search?q=saml) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md index 49a2f9c9966..f04efe2cc8d 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md 
@@ -1,6 +1,25 @@ +In a SAML integration, Okta is the Identity Provider (IdP), and your app is the Service Provider (SP). Gather the following SAML integration attributes before you create the app integration in Okta: + * App name -* SSO URL or ACS URL -* Audience URI (SP Entity ID) +* SSO URL or ACS URL: the default assertion consumer service URL, sometimes referred to as the SP sign-in URL. This is the endpoint on your app where the SAML responses are posted. +* Audience URI (SP Entity ID): sometimes referred to as the entity ID of your app. +* Default relay state page (optional): where users land after they successfully sign in to the SP using SAML. This must be a valid URL. * Name ID format and attribute statement * Signed SAML assertions +* Any required SAML attributes that are relevant to the target app. You can share Okta user profile values or group memberships as SAML attributes with your app. + +To quickly build your SSO integration, use an open source or paid toolkit to implement SAML 2.0. Use these different language kits to create the Service Provider WebSSO profile: + +* .NET framework 4.5 or later: [Sustainsys.Saml2](https://github.com/Sustainsys/Saml2) (Kentor authentication services) +* .NET framework 4.0 or earlier: [ComponentSpace SAML 2.0 for ASP.NET and ASP.NET Core](https://www.componentspace.com/) (paid software) +* Java: [OpenSAML](https://wiki.shibboleth.net/confluence/display/OS30/Home) (part of the [Shibboleth Development Project](https://www.shibboleth.net/)) +* Java: [Spring Security SAML](/code/java/spring_security_saml) +* Python: [PySAML2](/code/python/pysaml2) +* Ruby: [Ruby-SAML](https://github.com/onelogin/ruby-saml) + +>**Notes:** +>* Okta doesn't own or maintain these toolkits. +>* Okta doesn't impose a limit on the number of attributes that you can include in a SAML assertion. However, the target app or browser may have issues or even reject large SAML payloads. 
Okta recommends that you keep the number of attributes to a minimum and include only those necessary for the app. +>* SAML integrations must use SHA256 encryption for security. If you're using SHA-1 for encryption, see our guide on how to [Upgrade SAML Apps to SHA256](/docs/guides/updating-saml-cert/). + See [Application Integration Wizard SAML field reference](https://help.okta.com/okta_help.htm?type=oie&id=csh-attribute-statements-saml) for details. diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md index 1d406e45e98..0d7c2753710 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md @@ -1,2 +1,4 @@ * See [Publish an OIN integration](https://developer.okta.com/docs/guides/submit-app-overview/) for information on submitting your integration for publication in the OIN. -* See [SAML technical questions](https://developer.okta.com/docs/concepts/saml/faqs/) for answers to common questions about SAML integrations. \ No newline at end of file +* See [SAML technical questions](https://developer.okta.com/docs/concepts/saml/faqs/) for answers to common questions about SAML integrations. +* For an overview of how Okta uses SAML, see the [SAML concept](/docs/concepts/saml/) topic. +* For the SAML 2.0 specification, see the [SAML 2.0 Technical Overview](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). diff --git a/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md b/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md index 88b536b0d01..a5f461c5dcc 100644 --- a/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md 
@@ -110,7 +110,7 @@ The third generation of the Okta Sign-In Widget doesn’t guarantee the stabilit * Okta supports 2048, 3072, and 4096-bit keys for the private key that you upload. However, your certificate chain can use keys of any size. -* If you configure any SAML or WS-Fed integrated apps in your org, review the setup instructions for [SAML SSO](/docs/guides/build-sso-integration/saml2/main/) or [WS-Fed SSO](https://help.okta.com/okta_help.htm?id=ext_Apps_Configuring_WS_Federation). Update those SAML or WS-Fed Service Provider integrations to use the new custom URL in the metadata. Your customers then see the new custom domain rather than the Okta org domain. +* If you configure any SAML or WS-Fed integrated apps in your org, review the setup instructions for [SAML SSO](/docs/guides/create-an-app-integration/saml2/main/) or [WS-Fed SSO](https://help.okta.com/okta_help.htm?id=ext_Apps_Configuring_WS_Federation). Update those SAML or WS-Fed Service Provider integrations to use the new custom URL in the metadata. Your customers then see the new custom domain rather than the Okta org domain. * If you sign a user in with your new custom domain, they may need to sign in more than once. If your user tries to SSO into previous OIDC integrations that are made with the org domain, they're prompted to sign in again. To avoid this, you need to change the issuer in these integrations to your custom URL in both the Okta dashboard and your codebase. diff --git a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md index e5cbf6f92b7..0c8e85c9adc 100644 --- a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md +++ b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md @@ -35,7 +35,7 @@ Okta supports two protocols for handling federated SSO: OpenID Connect (OIDC) an | **Benefits** |
  • A newer protocol with widespread and growing use
  • Best Okta customer configuration experience
  • Ideal for mobile and cloud apps
|
  • Many people are familiar with SAML because it's an older protocol
  • Widely used federation protocol for SSO in web apps
  • Many SaaS providers support SAML integration to grant SSO access to end users
| | **Technology** |
  • An identity layer on top of the [OAuth 2.0](https://oauth.net/2/) protocol
  • Verifies end user identity and obtains profile information
  • Lightweight and REST-based
|
  • XML-based messages
  • The specification doesn’t have user consent, although it can be built into the flow
| | **Resources** |
  • [OpenID Connect Foundation](https://openid.net/connect/)
|
  • [SAML 2.0 Technical Overview](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html)
| -| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/build-sso-integration/openidconnect/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/build-sso-integration/saml2/main/)
| +| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/build-sso-integration/openidconnect/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/create-an-app-integration/saml2/main/)
| > **Note:** For specific OIDC and SAML protocol features not supported in the OIN, see [OIN submission limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). @@ -99,7 +99,7 @@ Ready to get started? Choose how you want to implement your SSO app integration: Build an Okta SSO integration with OIDC -Build an Okta SSO integration with SAML +Build an Okta SSO integration with SAML
diff --git a/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md b/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md
index 17cf7057566..d68d7b89357 100644
--- a/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md
+++ b/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md
@@ -15,7 +15,7 @@ This guide explains how to test a SAML app implementation with the SAML-tracer b
 #### What you need
-A SAML app to test. See [Prepare a SAML integration](/docs/guides/build-sso-integration/saml2/main/#prepare-a-saml-integration).
+A SAML app to test. See [Prepare a SAML integration](/docs/guides/create-an-app-integration/saml2/main/#prepare-a-saml-integration).
 ---
@@ -255,4 +255,4 @@ SAML responses are signed and contain the profile attributes of the person who r
 * [SAML overview](https://developer.okta.com/docs/concepts/saml/)
 * [SAML FAQ](https://developer.okta.com/docs/concepts/saml/faqs/)
-* [Prepare a SAML integration](/docs/guides/build-sso-integration/saml2/main/#prepare-a-saml-integration)
+* [Prepare a SAML integration](/docs/guides/create-an-app-integration/saml2/main/#prepare-a-saml-integration)
diff --git a/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md b/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md
index 941ab624a98..f17eda8f5f2 100644
--- a/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md
+++ b/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md
@@ -15,7 +15,7 @@ Upgrade Okta SAML apps from using SHA1 certificates to more secure SHA256 certif
 #### What you need
-A SAML app to upgrade. See [Building a SAML SSO integration](/docs/guides/build-sso-integration/saml2/main/#prepare-your-integration).
+A SAML app to upgrade. See [Building a SAML SSO integration](/docs/guides/create-an-app-integration/saml2/main/#prepare-your-integration).
 ---
diff --git a/packages/@okta/vuepress-site/docs/release-notes/2021/index.md b/packages/@okta/vuepress-site/docs/release-notes/2021/index.md
index 7242c5bfb74..87faa96ea64 100644
--- a/packages/@okta/vuepress-site/docs/release-notes/2021/index.md
+++ b/packages/@okta/vuepress-site/docs/release-notes/2021/index.md
@@ -267,7 +267,7 @@ The `audience` parameter of the `/authn` [endpoint](/docs/reference/api/authn/#p
 #### SAML assertion preview populates with real data
-After a developer creates a SAML App integration in the Okta Admin Console, the preview of a generated SAML assertion now uses real data instead of mock data. See [Create a SAML integration](/docs/guides/build-sso-integration/saml2/main/#create-a-saml-integration).
+After a developer creates a SAML App integration in the Okta Admin Console, the preview of a generated SAML assertion now uses real data instead of mock data. See [Create a SAML integration](/docs/guides/create-an-app-integration/saml2/main/#create-a-saml-integration).
 #### Dynamic Issuer Mode is EA in Preview
From 3a8eff2fe20fffb2a1d2b3cd323a5a17ad43f907 Mon Sep 17 00:00:00 2001
From: brentschaus-okta
Date: Fri, 29 May 2026 10:04:10 -0400
Subject: [PATCH 17/28] removes deleted files
---
 .../guides/build-sso-integration/index.md | 10 --
 .../main/openidconnect/prep.md | 145 ------------------
 .../main/openidconnect/see-also.md | 5 -
 3 files changed, 160 deletions(-)
 delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md
 delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md
 delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md
diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md
deleted file mode 100644
index 66f9a8594fe..00000000000
--- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-title: Build a Single Sign-On (SSO) integration
-excerpt: Build an SSO app integration using SAML or OIDC for the OIN.
-meta:
- - name: description
- content: Use this guide to learn how to build a federated Single Sign-On integration with Okta.
-layout: Guides
-sections:
- - main
----
diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md
deleted file mode 100644
index eba73113c2f..00000000000
--- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md
+++ /dev/null
@@ -1,145 +0,0 @@ -If you haven't built the OIDC service in your app yet, review the [OAuth 2.0 and OpenID Connect Overview](/docs/concepts/oauth-openid/). - -For OIDC integrations that you want to publish in the OIN catalog, review the following implementation topics: - -1. Use the Authorization Code flow with client secrets for your app. Select **Web Application** as the OIDC app type when you create your app integration in your Okta org. -1. [Determine the scopes](#scopes) that you require for your OIDC client (your app). -1. Consider how your app stores [customer client credentials](#oidc-customer-org-credentials). -1. Understand how to [validate tokens](#token-validation) in your OIDC client. - - > **Note:** You can't use the Okta SDKs to validate access tokens for apps in the OIN. This is due to the OIN restriction of using an org authorization server and the Authorization Code flow. - -1. Implement credential rotation in your app. - - Your app must support automatic credential rotation. See [key rotation](#key-rotation). -1. Determine the sign-in redirect URIs for your app. - - A redirect URI is where Okta sends the authentication response and ID token during the sign-in flow. You can specify more than one URI if required. - -1. [Consider rate limits](#rate-limit-considerations) when you build your integration. - -After you've built the SSO integration in your app with the previous guidance list, test it with an Okta app integration instance. See [Create your integration in Okta](#create-your-integration-in-okta). - -### OIDC customer org credentials - -Okta uses a [multi-tenant](/docs/guides/oin-sso-overview/#okta-organization-and-multi-tenancy) local credential system for OIDC integrations. When your customer adds your integration in their Okta org, they obtain a unique set of OIDC credentials. Each instance of your app integration inside a customer org has a separate set of OIDC client credentials that are used to access your app. 
- -This multi-tenant approach differs from other IdPs that use a global credential system, where a given app has the same customer credentials across all orgs. - -See the [OIN multi-tenancy](/docs/guides/submit-app-prereq/main/#oin-multi-tenancy) requirement. - -You must track client credentials for each app integration instance for your app. For example, consider a scenario where your app integration is added to 10 separate customer orgs. Seven of those customers create a single instance of your app integration. However, the other three customers each create two separate instances of your app integration so they can use different configuration options. This scenario creates a total of 13 sets of client credentials for your app that you need to track. - -### Determine the OAuth 2.0 flow to use - -> **Note:** Quickstarts and example links provided in this section may use features not supported in the OIN. For example, the use of a custom authorization server isn't supported. - -Select the OAuth 2.0 flow to use based on your app: - -* For web apps: - - Okta mandates the [Authorization Code flow](/docs/guides/implement-grant-type/authcode/main/). This flow is used for apps with a dedicated server-side backend capable of securely storing a client secret. The app integration can also exchange information with an authorization server through trusted back-channel connections. - > **Note:** The implicit flow is extremely challenging to implement securely. Therefore, Okta doesn’t recommend its use for token exchange in web apps. If your use case requires the use of an implicit flow for token exchange, contact [Okta Support](https://support.okta.com). - -* For single-page apps (SPA) and mobile apps: - - The OIN doesn’t support direct authentication from SPAs or native mobile apps. Instead, your backend systems must handle authentication. - -In this architecture, your SPA or mobile app shouldn’t manage tokens directly. 
Instead, use an intermediary system, such as an API gateway or a backend-for-frontend service, to facilitate communication between your client app and the resource server. Okta recommends implementing the authorization code flow for secure authentication and token exchange. - -> **Notes:** -> * Ensure that you select **Web Application** as the OIDC app type when you create your app integration in your Okta org. -> * Native and mobile app integrations aren't accepted as OIDC app integrations in the OIN unless they use server-side authentication patterns. Set up your app to use an authentication flow that allows your client app to talk to your SaaS backend. Your SaaS backend can then securely communicate with Okta through trusted back-channel connections. See [Implement the authorization code flow](/docs/guides/implement-grant-type/authcode/main/) to implement the OAuth 2.0 flow - -When you follow these guides, be aware of the authorization server used. Most of the examples show you how to make an `/authorize` or `/token` request using a [custom authorization server](/docs/concepts/auth-servers/#custom-authorization-server). To support the potentially large number of Okta orgs accessing it through the OIN, an OIDC integration can't use a custom authorization server (this includes the `default` server). Therefore, for OIN OIDC apps, you can only use the [org authorization server](/docs/concepts/auth-servers/#org-authorization-server). 
- -For example, the following are the various `/authorize` request URLs for the different authorization servers: - -**custom authorization server**: `https://{customerOktaDomain}/oauth2/{authorizationServerId}/v1/authorize?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectURI}&state={state}` - -**default custom authorization server**(`{authorizationServerId}=default`): `https://{customerOktaDomain}/oauth2/default/v1/authorize?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectURI}&state={state}` - -**org authorization server**:`https://{customerOktaDomain}/oauth2/v1/authorize?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectURI}&state={state}` - -Make sure you only use the **org authorization server** URL. - -> **Notes:** -> * When you use the org authorization server, the issuer URL is `https://{yourOktaDomain}`. -> * The `refresh_token` option isn't supported for apps published in the OIN. - -### Scopes - -Your OIDC client needs to use scope values to define the access privileges being requested with individual access tokens. The scopes associated with access tokens determine what resources are available when the tokens are used to access the protected endpoints. You can use scopes to request that specific sets of values be available as claim information about the end user. - -The only scope that you must declare is `openid`. When the authentication request is sent to Okta, the `openid` scope identifies the request as being an OIDC request. 
- -Other optional scopes available (these are returned from the `/userinfo` endpoint): - -* `profile`: The end user's default profile claims: `name`, `family_name`, `given_name`, `middle_name`, `nickname`, `preferred_username`, `profile`, `picture`, `website`, `gender`, `birthdate`, `zoneinfo`, `locale`, and `updated_at` -* `email`: Requests access to the `email` and `email_verified` claims - - > **Note:** Don't rely on the `email_verified` scope-dependent claim returned by an OIDC integration to evaluate whether a user has verified ownership of the email address associated with their profile. - -* `address`: Requests access to the `address` claim -* `phone`: Requests access to the `phone_number` and `phone_number_verified` claims - -> **Note**: The following scopes aren't supported for integrations published in the OIN: -> * `offline_access` scope (since refresh tokens aren't supported) -> * Custom scopes (such as the `groups` scope). You can only request the [OIDC scopes](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/#scopes). You can't configure custom scopes. - -Okta uses access policies to decide whether to grant scopes. If any of the requested scopes are rejected by the access policies, Okta rejects the request. - -### Uniform Resource Identifier (URI) - -There are three URIs that you need to consider when creating an OIDC app for the OIN: - -1. **Sign-in redirect URIs**: After the user is successfully authorized by Okta, this is the callback location where the user is directed along with the authorization code. This URI must exactly match at least one of the redirect URI values that are pre-registered in the Okta app integration settings. -2. Optional. **Initiate login URI**: This URI is used if the app is launched from the End-User Dashboard (known as an IdP-initiated flow), and you want your Okta integration to handle redirecting your users to your app to start the sign-in request. 
When users click your app in their End-User Dashboard, they’re redirected to the `initiate_login_uri` of the client app, which constructs the authentication request and redirects the end user back to the authorization server. This URI must exactly match the Initiate URI value that is pre-registered in the Okta app integration settings. -3. Optional. **Sign-out redirect URIs**: A location to send the user after a sign-out operation is performed and their session is terminated. Otherwise, the user is redirected back to the sign-in page. - -### Token validation - -For checking access tokens, the `/introspect` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/introspectCustomAS) takes your token as a URL query parameter and then returns a simple JSON response with the boolean `active` property. - -As OIN app integrations can't use custom authorization servers, you must use remote token validation (through the Introspection API endpoint) for access tokens and local validation for ID tokens. - -This remote validation incurs a network cost, but you can use it when you want to guarantee that the access token hasn't been revoked. - -> **Note:** You can't use the Okta SDKs for OIN app integration development if you need to validate access tokens with the org authorization server. This is due to the OIN restriction of using an org authorization server and the Authorization Code flow. - -### Key rotation - -The standard behavior in identity and access management is to rotate the keys used to sign tokens. Okta changes these keys typically four times a year (every 90 days), but that rotation schedule can change without notice. Okta automatically rotates the keys for your authorization server on a regular basis. - -Your OIDC client should periodically query the `/keys` endpoint and retrieve the JSON Web Key Set. This key set contains the public keys used to verify the signatures of the tokens received from Okta. 
You can cache the keys to improve performance, but be aware that verification fails when Okta automatically rotates the keys. - -See [key rotation](/docs/concepts/key-rotation/) or the `/keys` [API endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/oauthKeysCustomAS) for specific details on handling queries and responses. - -### Rate limit considerations - -When you construct your SSO app, be aware of the limits on requests to Okta APIs. For information on the rate-limit categories, see the [Rate limits overview](/docs/reference/rate-limits/). Okta provides three headers in each response to report on both concurrent and org-wide rate limits. - -For org-wide rate limits, the following three headers are provided: - -* `X-Rate-Limit-Limit`: The rate limit ceiling that applies to the current request -* `X-Rate-Limit-Remaining`: The amount of requests left for the current rate-limit window -* `X-Rate-Limit-Reset`: The time when the rate limit resets, specified in UTC epoch time - -To monitor org-wide rate limits, include code in your app to check the relevant headers in the response. - -For concurrent rate limits, the three headers behave a little differently: - -* When the number of unfinished requests is below the concurrent rate limit, request headers only report org-wide rate limits. -* After you exceed a concurrent rate limit, the headers report that the limit has been exceeded. -* When you drop back down below the concurrent rate limit, the headers switch back to reporting the time-based rate limits. -* The first two header values are always `0` for concurrent rate limit errors. The third header reports an estimated time interval when the concurrent rate limit may be resolved. -* The `X-Rate-Limit-Reset` time for concurrent rate limits is only a suggested value. There's no guarantee that enough requests can complete for the requests to go below the concurrent rate limit at the time indicated. 
- -The error condition resolves itself when there's another concurrent thread available. Normally no intervention is required. You may be exceeding the concurrent rate limit if you notice frequent bursts of HTTP 429 errors. Examine the activities in the log before the burst of HTTP 429 errors appeared. If you can't identify what is causing you to exceed the limit, contact [Okta Support](https://support.okta.com). - -You can request a temporary rate limit increase if you anticipate a large number of requests over a specified time period. Contact [Okta Support](https://support.okta.com) to open a ticket to permit the exception. See [How to Request a Temporary Rate Limit Increase](https://support.okta.com/help/s/article/How-can-we-request-to-have-the-rate-limit-for-our-org-temporarily-increased?language=en_US). - -> **Note:** The following public metadata endpoints aren't subjected to rate limits: -> * `/oauth2/v1/keys` -> * `/.well-known/openid-configuration` -> * `/.well-known/oauth-authorization-server` diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md deleted file mode 100644 index d78bbb117d4..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md +++ /dev/null @@ -1,5 +0,0 @@ -* [OAuth 2.0 vs. OpenID Connect](/docs/concepts/oauth-openid/#oauth-2-0-vs-openid-connect) -* [Express Configuration](/docs/guides/express-configuration/main/) -* [Okta Developer Forum: OIDC](https://devforum.okta.com/search?q=oidc) -* [Redirect authentication](/docs/guides/redirect-authentication/): for language and platform-specific redirect authentication guides -* [Embedded authentication](/docs/guides/embedded-authentication/): for language, platform-specific, and embedded-authentication use case guides \ No newline at end of file 
From 843fbc33ce72a32013f08ddf94ed4d4257f79267 Mon Sep 17 00:00:00 2001
From: brentschaus-okta
Date: Fri, 29 May 2026 10:08:15 -0400
Subject: [PATCH 18/28] fix
---
 packages/@okta/vuepress-site/docs/guides/index.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/packages/@okta/vuepress-site/docs/guides/index.md b/packages/@okta/vuepress-site/docs/guides/index.md
index c7dbaf7e7d8..aa546a67da2 100644
--- a/packages/@okta/vuepress-site/docs/guides/index.md
+++ b/packages/@okta/vuepress-site/docs/guides/index.md
@@ -90,7 +90,6 @@ guides:
 - secure-hooks
 - single-logout
 - signup-oktahosted
- - build-sso-integration
 - custom-sms-messaging
 - submit-app
 - submit-app-prereq
From f585493de1609a13b559aba390ba67de8ff89905 Mon Sep 17 00:00:00 2001
From: brentschaus-okta
Date: Fri, 29 May 2026 10:42:54 -0400
Subject: [PATCH 19/28] mirroring janu changes to avoid broken build check
---
 packages/@okta/vuepress-site/code/python/pysaml2/index.md | 4 ++--
 .../vuepress-site/docs/concepts/how-okta-works/index.md | 2 +-
 .../docs/concepts/redirect-vs-embedded/index.md | 2 +-
 .../vuepress-site/docs/guides/add-private-app/main/index.md | 2 +-
 .../vuepress-site/docs/guides/oin-sso-overview/index.md | 6 +++---
 .../scim-provisioning-integration-overview/main/index.md | 2 +-
 .../docs/guides/sign-in-overview/main/index.md | 1 -
 .../guides/submit-oin-app/main/openidconnect/what-need.md | 2 +-
 .../docs/guides/submit-oin-app/main/saml2/what-need.md | 2 +-
 .../docs/guides/submit-oin-app/main/scim/what-need.md | 2 +-
 .../vuepress-site/docs/reference/org-defaults/index.md | 2 +-
 11 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/packages/@okta/vuepress-site/code/python/pysaml2/index.md b/packages/@okta/vuepress-site/code/python/pysaml2/index.md
index 54772cda8be..4233443dd50 100755
--- a/packages/@okta/vuepress-site/code/python/pysaml2/index.md
+++ b/packages/@okta/vuepress-site/code/python/pysaml2/index.md
@@ -25,8 +25,8 @@ If you're already familiar with Okta, you can skip to the section titled "Config Before you can configure your application and PySAML2, set up an Okta application icon that enables an Okta user to sign in to your application with SAML and PySAML2. -To set up Okta to connect to your application, follow the [Build a Single Sign-On Integration](/docs/guides/build-sso-integration/saml2/main/) -guide. As noted in the [Create your integration](/docs/guides/build-sso-integration/saml2/main/#create-your-integration) instructions, there are two steps to change: +To set up Okta to connect to your application, follow the [Build a Single Sign-On Integration](/docs/guides/sign-in-overview/main/) +guide. As noted in the [Create your integration](/docs/guides/submit-app-prereq/main/) instructions, there are two steps to change: * In step \#9: Use **PySAML2 Example** instead of **Example SAML application**. * In step \#10: When entering the URL: diff --git a/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md b/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md index affbc61506f..1a9ed88d16f 100644 --- a/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md 
@@ -23,7 +23,7 @@ You can use Okta to [secure your APIs](/docs/guides/protect-your-api/) and appli ##### You have more than one app, and you want to implement Single Sign-On (SSO) -Use Okta to allow your users to [sign in to other applications](/docs/guides/build-sso-integration/) instead of requiring them to remember separate sets of credentials for each application or service. Users can simply sign in once and access your full suite of applications. +Use Okta to allow your users to [sign in to other applications](/docs/guides/sign-in-overview/main/) instead of requiring them to remember separate sets of credentials for each application or service. Users can simply sign in once and access your full suite of applications. ##### You want to enforce multifactor authentication (MFA) when your users want to access sensitive data diff --git a/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md b/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md index 14026f28010..e1c453f210b 100644 --- a/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md 
@@ -47,7 +47,7 @@ The user or system is redirected to Okta for credential verification. The user o You can customize your app's [domain](/docs/guides/custom-url-domain/) and the [Okta Sign-In Widget style](/docs/guides/custom-widget/) to match your brand. -> **Note**: [SSO](/docs/guides/build-sso-integration/) is supported for redirect authentication. This means that Okta may create a session (based on the Okta policies, for example). Other integrated apps can then use SSO to sign users in. +> **Note**: [SSO](/docs/guides/sign-in-overview/main/) is supported for redirect authentication. This means that Okta may create a session (based on the Okta policies, for example). Other integrated apps can then use SSO to sign users in. Consider, for example, when an organization uses Okta as its Identity Provider: diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md index 7db847b06f8..9ccbb5fa106 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md @@ -17,7 +17,7 @@ Use this guide to add a private, custom Single Sign-On (SSO) OpenID Connect (OID #### What you need -* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) guide +* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/sign-in-overview/main/) guide * An Okta org (such as an [Okta Integrator Free Plan org](https://developer.okta.com/signup)) --- diff --git a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md index 0c8e85c9adc..0c5fd3125d0 100644 --- a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md +++ b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md 
@@ -9,7 +9,7 @@ The Okta Integration Network (OIN) is a collection of over 7000 pre-built app in To get your app integration into the OIN: -1. [Build an app integration](/docs/guides/build-sso-integration/) using a free [Okta Integrator Free Plan org](https://developer.okta.com/signup/) and any of the wide array of [languages and libraries](/code/) supported by Okta. +1. [Build an app integration](/docs/guides/sign-in-overview/main/) using a free [Okta Integrator Free Plan org](https://developer.okta.com/signup/) and any of the wide array of [languages and libraries](/code/) supported by Okta. 1. [Submit your app](/docs/guides/submit-app-overview/) integration for verification and approval by the Okta OIN team. Your integration is available in the OIN for the Okta community to use after Okta validates and publishes your app integration. @@ -35,7 +35,7 @@ Okta supports two protocols for handling federated SSO: OpenID Connect (OIDC) an | **Benefits** |
  • A newer protocol with widespread and growing use
  • Best Okta customer configuration experience
  • Ideal for mobile and cloud apps
|
  • Many people are familiar with SAML because it's an older protocol
  • Widely used federation protocol for SSO in web apps
  • Many SaaS providers support SAML integration to grant SSO access to end users
| | **Technology** |
  • An identity layer on top of the [OAuth 2.0](https://oauth.net/2/) protocol
  • Verifies end user identity and obtains profile information
  • Lightweight and REST-based
|
  • XML-based messages
  • The specification doesn’t have user consent, although it can be built into the flow
| | **Resources** |
  • [OpenID Connect Foundation](https://openid.net/connect/)
|
  • [SAML 2.0 Technical Overview](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html)
| -| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/build-sso-integration/openidconnect/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/create-an-app-integration/saml2/main/)
| +| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/sign-in-overview/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/create-an-app-integration/saml2/main/)
| > **Note:** For specific OIDC and SAML protocol features not supported in the OIN, see [OIN submission limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). @@ -97,7 +97,7 @@ Ramon is an Initech employee with access to the Acme app. Follow his SSO journey Ready to get started? Choose how you want to implement your SSO app integration: -Build an Okta SSO integration with OIDC +Build an Okta SSO integration with OIDC Build an Okta SSO integration with SAML diff --git a/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md b/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md index 020969d9d3b..143b04e9bd4 100644 --- a/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md @@ -33,7 +33,7 @@ If you need more detail on the concepts behind lifecycle management with SCIM an While many ISVs have custom APIs for managing user accounts, this guide assumes that you use the [System for Cross-domain Identity Management](https://scim.cloud) (SCIM) protocol. The SCIM protocol is an industry standard that supports all the needed features for lifecycle provisioning. For more technical details on how you can take advantage of the SCIM API with Okta, see our [SCIM Protocol reference](https://developer.okta.com/docs/api/openapi/okta-scim/guides/). -Your Okta integration should use Single Sign-On (SSO) to initiate end user authentication. Learn how to set up your integration with SSO in our [Build a Single Sign-On (SSO) integration](/docs/guides/build-sso-integration/) guide. +Your Okta integration should use Single Sign-On (SSO) to initiate end user authentication. Learn how to set up your integration with SSO in our [Build a Single Sign-On (SSO) integration](/docs/guides/sign-in-overview/main/) guide. ## Guides 
diff --git a/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md b/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md index 3197741df9b..7bfdffb5bb3 100644 --- a/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md @@ -54,4 +54,3 @@ If you’re a Classic Engine customer who wants to upgrade their apps to use Ide * [Add an external identity provider](/docs/guides/identity-providers/) * [Configure an access policy](/docs/guides/configure-access-policy/main/) * [Configure a global session policy and app sign-in policies](/docs/guides/configure-signon-policy/main/) -* [Build a Single Sign-On (SSO) integration](/docs/guides/build-sso-integration/openidconnect/main/) diff --git a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md index 37828ef0352..67f8eba634f 100644 --- a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md +++ b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md @@ -1,3 +1,3 @@ -* A functional integration that's based on the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) or [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) guide +* A functional integration that's based on the [Sign users in overview](/docs/guides/sign-in-overview/main/) * Google Chrome browser with the Okta Browser Plugin installed (see [OIN Wizard requirements](/docs/guides/submit-app-prereq/main/#oin-wizard-requirements)) \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md index 37828ef0352..67f8eba634f 100644 
--- a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md +++ b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md @@ -1,3 +1,3 @@ -* A functional integration that's based on the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) or [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) guide +* A functional integration that's based on the [Sign users in overview](/docs/guides/sign-in-overview/main/) * Google Chrome browser with the Okta Browser Plugin installed (see [OIN Wizard requirements](/docs/guides/submit-app-prereq/main/#oin-wizard-requirements)) \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md index a42ab223e93..53bcd171dc6 100644 --- a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md +++ b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md @@ -1,3 +1,3 @@ * Google Chrome browser with the Okta Browser Plugin installed (see [OIN Wizard requirements](/docs/guides/submit-app-prereq/main/#oin-wizard-requirements)) -* A functional integration that's based on the [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) and the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) guide \ No newline at end of file +* A functional integration that's based on the [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) and the [Sign users in overview](/docs/guides/sign-in-overview/main/) guide. \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md b/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md index 7d207d1de5a..9216492db0c 100644 
--- a/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md +++ b/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md @@ -24,7 +24,7 @@ The Integrator Free Plan org is provisioned with the features in the following t | Feature | Description | |---------------------------------------------|------------------------------------------------| -| SSO (Single Sign-On) | Provides capabilities to incorporate SSO authentication for your users. See [Build a Single Sign-On (SSO) Integration](/docs/guides/build-sso-integration/-/main/). | +| SSO (Single Sign-On) | Provides capabilities to incorporate SSO authentication for your users. See [Build a Single Sign-On (SSO) Integration](/docs/guides/sign-in-overview/main/). | | UD (Universal Directory) | Stores and manages your user information. See [What is the Okta Universal Directory](/docs/concepts/user-profiles/#what-is-the-okta-universal-directory). | | AMFA (Adaptive Multifactor Authentication) | Provides capabilities to implement authentication based on risk. See [Authentication factors](/docs/concepts/iam-overview-authentication-factors/). | | LCM (Lifecycle Management) | Manages the process of access to apps and resources over the lifecycle of a user. See [Overview of lifecycle management in the OIN](/docs/guides/oin-lifecycle-mgmt-overview/). | From fdd00bbfea9158bb93efa7d2942b963748d6d80e Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Fri, 29 May 2026 21:12:10 +0530 Subject: [PATCH 20/28] tech review comments --- .../docs/guides/create-an-app-integration/main/index.md | 4 ++-- .../main/openidconnect/protocol-config.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index 30ece1e67da..603d5d37c78 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md 
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -91,7 +91,7 @@ Okta adds an instance of the app integration to your org, and you can now assign ### Create a custom app integration -You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create a private app integration for your app and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. +You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create a custom app integration for your app and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. >**Note**: As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future. @@ -102,7 +102,7 @@ You can add an app integration that doesn't exist in the OIN, using the App Inte ->**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). +>**Note:** This custom integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). ### Create an API Service Integration 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md index 145d6b83a10..bb97b410c44 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/openidconnect/protocol-config.md @@ -5,6 +5,7 @@ * **Grant types** - Select the [grant type](/docs/guides/implement-grant-type/) for your OAuth 2.0 flow based on your app type: - **Web app:** + - **Client credentials** (Supported for service-to-service communication when a user isn't present.) - **Authorization Code** (mandatory for web platform applications) - **Refresh token** (not supported for OIN app integrations) - **Implicit (hybrid)** (optional) — click **Advanced** to select. From 85494140df1caa691434a741742715ad15e3cd20 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Fri, 29 May 2026 21:15:36 +0530 Subject: [PATCH 21/28] tech review comments --- .../docs/guides/create-an-app-integration/main/index.md | 4 ++-- .../create-an-app-integration/main/scim/protocol-config.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index c27b72c7e0f..f8f84198a2a 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md 
@@ -91,7 +91,7 @@ Okta adds an instance of the app integration to your org, and you can now assign ### Create a custom app integration -You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create an app integration and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. +You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create a custom app integration for your app and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration. >**Note:** As a best practice, create two or three extra admin users in your Okta org to manage the integration. This ensures that your team can access the integration for updates in the future. @@ -102,7 +102,7 @@ You can add an app integration that doesn't exist in the OIN, using the App Inte ->**Note:** This private integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). +>**Note:** This custom integration is only visible within your Okta org. To modify settings after creation, click **Edit** on the main app page. To configure your SP app, copy the **Metadata URL** from the **Sign On** tab, or click **More details** to manually copy individual URLs and certificates. To make your app publicly available later, see [Publish an OIN integration](/docs/guides/submit-app-overview/). ### Create an API Service Integration 
diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md index 1f54087efca..f6181451dcd 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/scim/protocol-config.md @@ -1,5 +1,5 @@ -6. Ensure that you have the following integration settings ready: +5. Ensure that you have the following integration settings ready: Create an SSO integration that supports SCIM. See [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim). -7. To build and finalize your implementation settings details, see: [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim) \ No newline at end of file +6. To build and finalize your implementation settings details, see: [Add SCIM provisioning to app integrations](https://help.okta.com/okta_help.htm?type=oie&id=ext_Apps_App_Integration_Wizard-scim) \ No newline at end of file From 379df2084346b263a8c490759bbc76a96cc0fcda Mon Sep 17 00:00:00 2001 From: Divya Bhushan Date: Sun, 17 May 2026 14:25:43 +0530 Subject: [PATCH 22/28] First commit to create a base branch for OKTA-1174908 --- .../vuepress-theme-prose/const/navbar.const.js | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/packages/@okta/vuepress-theme-prose/const/navbar.const.js b/packages/@okta/vuepress-theme-prose/const/navbar.const.js index 87332eedcdc..3e9510520cd 100644 --- a/packages/@okta/vuepress-theme-prose/const/navbar.const.js +++ b/packages/@okta/vuepress-theme-prose/const/navbar.const.js 
@@ -754,20 +754,6 @@ export const guides = [ title: "Okta Integration Network", customLandingPage: true, subLinks: [ - { - title: "Single Sign-On", - path: "/docs/guides/oin-sso-overview/", - subLinks: [ - { - title: "Build an SSO integration", - guideName: "build-sso-integration", - }, - { - title: "Add a private SSO integration", - guideName: "add-private-app", - }, - ], - }, { title: "Lifecycle management", path: "/docs/guides/oin-lifecycle-mgmt-overview/", From 1f7e776389c03b86cdf24fa0a6a6437d9b26c795 Mon Sep 17 00:00:00 2001 From: brentschaus-okta Date: Fri, 29 May 2026 09:56:16 -0400 Subject: [PATCH 23/28] refactoring changes --- packages/@okta/vuepress-site/conductor.yml | 52 ++++----- .../vuepress-site/docs/concepts/saml/index.md | 2 +- .../build-sso-integration/main/index.md | 103 ------------------ .../build-sso-integration/main/saml2/prep.md | 32 ------ .../main/saml2/see-also.md | 1 - .../main/saml2/protocol-config.md | 23 +++- .../main/saml2/see-also.md | 4 +- .../guides/custom-url-domain/main/index.md | 2 +- .../docs/guides/oin-sso-overview/index.md | 4 +- .../docs/guides/saml-tracer/main/index.md | 4 +- .../guides/updating-saml-cert/main/index.md | 2 +- .../docs/release-notes/2021/index.md | 2 +- 12 files changed, 58 insertions(+), 173 deletions(-) delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md diff --git a/packages/@okta/vuepress-site/conductor.yml b/packages/@okta/vuepress-site/conductor.yml index 1cdaf440276..5e9074d8532 100644 --- a/packages/@okta/vuepress-site/conductor.yml +++ b/packages/@okta/vuepress-site/conductor.yml 
@@ -244,13 +244,13 @@ redirects:
 - from: /docs/guides/saml_guidance.html
 to: /standards/SAML/
 - from: /docs/guides/setting_up_a_saml_application_in_okta
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/setting_up_a_saml_application_in_okta.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/examples/configuring_a_saml_application_in_okta
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/examples/configuring_a_saml_application_in_okta.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /standards/SCIM/index.html
 to: /docs/concepts/scim/
 - from: /docs/reference/api/resource-server-beta/index.html
@@ -792,7 +792,7 @@ redirects:
 - from: /docs/how-to/updating_saml_cert
 to: /docs/guides/updating-saml-cert/
 - from: /standards/SAML/setting_up_a_saml_application_in_okta
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /standards/SAML/saml_tracer
 to: /docs/guides/saml-tracer/
 - from: /authentication-guide/implementing-authentication/set-up-authz-server.html
@@ -1066,7 +1066,7 @@ redirects:
 - from: /guides/revoke-tokens/-/overview/index.html
 to: /docs/guides/revoke-tokens/-/overview/
 - from: /guides/saml-application-setup/-/overview/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /guides/sharing-cert/-/generate-new-credential/index.html
 to: /docs/guides/sharing-cert/main/#generate-a-new-credential-for-the-source-app
 - from: /guides/sharing-cert/-/overview/index.html
@@ -1326,7 +1326,7 @@ redirects:
 - from: /guides/revoke-tokens/index.html
 to: /docs/guides/revoke-tokens/
 - from: /guides/saml-application-setup/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /guides/session-cookie/index.html
 to: /docs/guides/session-cookie/
 - from: /guides/sharing-cert/index.html
@@ -1872,19 +1872,19 @@ redirects:
 - from: /docs/guides/build-sso-integration/oidc/before-you-begin/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/
 - from: /docs/guides/build-sso-integration/saml/before-you-begin/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/build-sso-integration/oidc/create-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/
 - from: /docs/guides/build-sso-integration/saml/create-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/build-sso-integration/oidc/submit-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/#next-steps
 - from: /docs/guides/build-sso-integration/saml2/submit-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/#next-steps
+ to: /docs/guides/create-an-app-integration/saml2/main/#next-steps
 - from: /docs/guides/build-sso-integration/oidc/test-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/
 - from: /docs/guides/build-sso-integration/saml/test-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/
+ to: /docs/guides/create-an-app-integration/saml2/main/
 - from: /docs/guides/submit-app/prepare-for-submission/index.html
 to: /docs/guides/submit-app-prereq/
 - from: /docs/guides/submit-app/submit/index.html
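Review bot: The OIDC entries left as context in this hunk (`/docs/guides/build-sso-integration/oidc/before-you-begin/index.html` and its three siblings) still redirect to `/docs/guides/build-sso-integration/openidconnect/main/`, although this commit's diffstat deletes `build-sso-integration/main/index.md`. If that file is the guide's only page, as the directory layout suggests, those targets stop resolving once the commit lands. The same applies to the `openidconnect/submit-your-app` entry in the `@@ -1896,7` hunk and to the `-/next-steps/index.html` and `openidconnect/overview` entries in the `@@ -4174,29` hunk. Repoint them the way the SAML entries were, for example `to: /docs/guides/create-an-app-integration/openidconnect/main/`, after confirming that page exists. The rewritten SAML targets that end in `#next-steps` also assume the new page has that heading, which this patch does not show.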
@@ -1896,7 +1896,7 @@ redirects:
 - from: /docs/guides/build-sso-integration/openidconnect/submit-your-app/index.html
 to: /docs/guides/build-sso-integration/openidconnect/main/#next-steps
 - from: /docs/guides/build-sso-integration/saml2/submit-your-app/index.html
- to: /docs/guides/build-sso-integration/saml2/main/#next-steps
+ to: /docs/guides/create-an-app-integration/saml2/main/#next-steps
 - from: /docs/guides/build-provisioning-integration/prepare-guide/index.html
 to: /docs/guides/scim-provisioning-integration-test/main/#next-steps
 - from: /docs/api/resources/oidc.html/index.html
@@ -4174,29 +4174,29 @@ redirects: - from: /docs/guides/build-sso-integration/-/next-steps/index.html to: /docs/guides/build-sso-integration/ - from: /docs/guides/build-sso-integration/saml2/overview - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/before-you-begin - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/create-your-app - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/specify-your-settings - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/test-your-app - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/next-steps - to: /docs/guides/build-sso-integration/saml2/main/#next-steps + to: /docs/guides/create-an-app-integration/saml2/main/#next-steps - from: /docs/guides/build-sso-integration/saml2/overview/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/before-you-begin/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/create-your-app/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/specify-your-settings/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: 
/docs/guides/build-sso-integration/saml2/test-your-app/index.html - to: /docs/guides/build-sso-integration/saml2/main/ + to: /docs/guides/create-an-app-integration/saml2/main/ - from: /docs/guides/build-sso-integration/saml2/next-steps/index.html - to: /docs/guides/build-sso-integration/saml2/main/#next-steps + to: /docs/guides/create-an-app-integration/saml2/main/#next-steps - from: /docs/guides/build-sso-integration/openidconnect/overview to: /docs/guides/build-sso-integration/openidconnect/main/ - from: /docs/guides/build-sso-integration/openidconnect/before-you-begin diff --git a/packages/@okta/vuepress-site/docs/concepts/saml/index.md b/packages/@okta/vuepress-site/docs/concepts/saml/index.md index 7c19f0340a7..b69fb7d3049 100644 --- a/packages/@okta/vuepress-site/docs/concepts/saml/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/saml/index.md @@ -175,4 +175,4 @@ This is important when you want to SAML-enable all users in your app. Sometimes, ### SAML toolkits -- [Use SAML toolkits](https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/#use-saml-toolkits) +- [Use SAML toolkits](https://developer.okta.com/docs/guides/create-an-app-integration/saml2/main/#use-saml-toolkits) diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md deleted file mode 100644 index e5686041551..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/index.md +++ /dev/null 
@@ -1,103 +0,0 @@ ---- -title: Build a Single Sign-On (SSO) integration -excerpt: Create an app integration using Security Assertion Markup Language (SAML) or OpenID Connect (OIDC). -meta: - - name: description - content: Use this guide to learn how to integrate federated Single Sign-On with Okta for your app. -layout: Guides ---- - -This guide teaches you how to integrate your federated SSO application with Okta. This guide assumes that you intend to make this app integration public by publishing it in the Okta Integration Network (OIN). - ---- - -#### Learning outcome - -Create and test an SSO app integration for OIN submission. - -#### What you need - -* [Okta Integrator Free Plan org](https://developer.okta.com/signup/) -* An app to integrate SSO with Okta - ---- - -## Overview - -Single Sign-On (SSO) is an authentication method that enables end users to sign in to multiple applications (apps) with one set of credentials. If you have customers that use Okta as an Identity Provider, you want to publish your SSO app integration to the OIN. By having your integration in the OIN catalog, your customers can easily configure SSO for your app. See [Overview of Single Sign-On in the OIN](/docs/guides/oin-sso-overview) for all the benefits of having your integration in the OIN catalog. - -To create an SSO integration for the OIN, first sign up for a free [Integrator Free Plan org](https://developer.okta.com/signup/). Next, select the type of SSO protocol that you want to implement. Okta supports two SSO standards for your integration: - -* **OpenID Connect (OIDC)** (preferred) -* **Security Assertion Markup Language (SAML)** - -Okta recommends using OIDC for new SSO integrations. - -> **Note:** Not all Okta SSO features are supported in the OIN. See [OIN limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). - -### Deployment models - -After you've decided on a protocol, select a deployment model. 
Okta offers [redirect](/docs/concepts/redirect-vs-embedded/#redirect-authentication) or [embedded](/docs/concepts/redirect-vs-embedded/#embedded-authentication) authentication deploy models. Redirect authentication uses the [Okta Sign-In Widget](https://github.com/okta/okta-signin-widget#okta-sign-in-widget) and is the easiest, most secure way to integrate with Okta. - -Okta recommends the redirect authentication deployment model if your situation meets the [requirements](/docs/concepts/redirect-vs-embedded/#redirect-okta-hosted-vs-embedded-self-hosted). For more information on deployment models, see [Okta deployment models—redirect vs. embedded](/docs/concepts/redirect-vs-embedded/). - -## Build your integration - - - -## Create your integration in Okta - -> **Note**: This section assumes that you already built the SSO integration in your app. - -Instructions for adding your SSO integration into Okta depend on if you want to provide a public or private integration: - -
- -![Public or private integration decision](/img/oin/publicOrPrivateIntegration.png) - -
- - - -### Submit an OIN integration - -If you want to publish your integration in the Okta Integration Network (OIN), follow the instructions in [OIN Wizard: Submit an SSO integration](/docs/guides/submit-oin-app/). This guide shows you how to use the OIN Wizard to: - -* Add required integration artifacts and metadata. -* Create an app integration instance for testing. -* Test your SSO flows. -* Submit your integration for OIN verification. - -Having your SSO integration public in the OIN catalog provides you with exposure to all Okta customers. - -> **Notes:** -> * Creating an app integration instance doesn't automatically make it available in the [OIN](https://www.okta.com/integrations/). After you test your integration, [submit it](/docs/guides/submit-oin-app/-/main/#submit-your-integration) to the OIN team for verification and publication. -> * The OIN Wizard doesn't support new SSO integrations with more than three app instance variables or advanced SAML features. - -### Add a private integration - -If you want your integration to exist only in your Okta org, follow the instructions in [Add a private SSO integration](/docs/guides/add-private-app/). This guide shows you how to use the Application Integration Wizard (AIW) in the Admin Console to: - -* Create your app integration instance. -* Test your SSO flows. - -Your org users can access your app after SSO is configured. - -The following are common use cases for adding a private SSO integration: - -* I want to test my SSO integration in my Integrator Free Plan org. I have no immediate plans to have it publicly available. -* I want my SSO integration to only be available in the org I'm using. -* I have a SAML integration with more than three instance variables and advanced SAML features that aren't included in the OIN Wizard. 
- -## Next steps - -If you want to publish your integration, start the submission process to have your SSO integration included in the OIN: - -* Review the [Publish an OIN integration](/docs/guides/submit-app-overview/) overview to understand the submission process for publishing an integration. -* Follow the [OIN Wizard: Submit an SSO integration](/docs/guides/submit-oin-app/) guide to submit your SSO integration. - -## See also - - diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md deleted file mode 100644 index 75ee3a08a02..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/prep.md +++ /dev/null 
@@ -1,32 +0,0 @@ -If you're unfamiliar with [SAML 2.0](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html), review the following Okta topics first: - -* [SAML concept](/docs/concepts/saml/) -* [Okta SAML FAQs](/docs/concepts/saml/faqs/) - -### Use SAML toolkits - -To quickly build your SSO integration, use an open source or paid tool kit to implement SAML 2.0. Use these different language kits to create the Service Provider WebSSO profile: - -* .NET framework 4.5 or later: [Sustainsys.Saml2](https://github.com/Sustainsys/Saml2) (Kentor authentication services) -* .NET framework 4.0 or earlier: [ComponentSpace SAML 2.0 for ASP.NET and ASP.NET Core](https://www.componentspace.com/) (paid software) -* Java: [OpenSAML](https://wiki.shibboleth.net/confluence/display/OS30/Home) (part of the [Shibboleth Development Project](https://www.shibboleth.net/)) -* Java: [Spring Security SAML](/code/java/spring_security_saml) -* Python: [PySAML2](/code/python/pysaml2) -* Ruby: [Ruby-SAML](https://github.com/onelogin/ruby-saml) - ->**Note:** Okta doesn't own or maintain these toolkits. - -### Gather SAML attributes - -Obtain SAML integration attributes before you create an app integration instance in Okta. - -In a SAML integration, Okta is the Identity Provider (IdP), and your app is the Service Provider (SP). - -1. Determine the default assertion consumer service (ACS) URL for your integration. This is often referred to as the SP sign-in URL. This is the endpoint on your app where the SAML responses are posted. -1. Find your audience URI. This is sometimes referred to as the SP entity ID or the entity ID of your app. -1. Set up a default relay state page, where users land after they successfully sign in to the SP using SAML. This must be a valid URL. (Optional) -1. Gather any required SAML attributes that are relevant to the target app. You can share Okta user profile values or group memberships as SAML attributes with your app. 
- ->**Notes:** Okta doesn't impose a limit on the number of attributes that you can include in a SAML assertion. However, the target app or browser may have issues or even reject large SAML payloads. Okta recommends that you keep the number of attributes to a minimum and include only those necessary for the app. -> ->SAML integrations must use SHA256 encryption for security. If you're using SHA-1 for encryption, see our guide on how to [Upgrade SAML Apps to SHA256](/docs/guides/updating-saml-cert/). diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md deleted file mode 100644 index 8d7441b0255..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/saml2/see-also.md +++ /dev/null @@ -1 +0,0 @@ -[Okta Developer Forum: SAML](https://devforum.okta.com/search?q=saml) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md index 49a2f9c9966..f04efe2cc8d 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/protocol-config.md 
@@ -1,6 +1,25 @@ +In a SAML integration, Okta is the Identity Provider (IdP), and your app is the Service Provider (SP). Gather the following SAML integration attributes before you create the app integration in Okta: + * App name -* SSO URL or ACS URL -* Audience URI (SP Entity ID) +* SSO URL or ACS URL: the default assertion consumer service URL, sometimes referred to as the SP sign-in URL. This is the endpoint on your app where the SAML responses are posted. +* Audience URI (SP Entity ID): sometimes referred to as the entity ID of your app. +* Default relay state page (optional): where users land after they successfully sign in to the SP using SAML. This must be a valid URL. * Name ID format and attribute statement * Signed SAML assertions +* Any required SAML attributes that are relevant to the target app. You can share Okta user profile values or group memberships as SAML attributes with your app. + +To quickly build your SSO integration, use an open source or paid toolkit to implement SAML 2.0. Use these different language kits to create the Service Provider WebSSO profile: + +* .NET framework 4.5 or later: [Sustainsys.Saml2](https://github.com/Sustainsys/Saml2) (Kentor authentication services) +* .NET framework 4.0 or earlier: [ComponentSpace SAML 2.0 for ASP.NET and ASP.NET Core](https://www.componentspace.com/) (paid software) +* Java: [OpenSAML](https://wiki.shibboleth.net/confluence/display/OS30/Home) (part of the [Shibboleth Development Project](https://www.shibboleth.net/)) +* Java: [Spring Security SAML](/code/java/spring_security_saml) +* Python: [PySAML2](/code/python/pysaml2) +* Ruby: [Ruby-SAML](https://github.com/onelogin/ruby-saml) + +>**Notes:** +>* Okta doesn't own or maintain these toolkits. +>* Okta doesn't impose a limit on the number of attributes that you can include in a SAML assertion. However, the target app or browser may have issues or even reject large SAML payloads. 
Okta recommends that you keep the number of attributes to a minimum and include only those necessary for the app. +>* SAML integrations must use SHA256 encryption for security. If you're using SHA-1 for encryption, see our guide on how to [Upgrade SAML Apps to SHA256](/docs/guides/updating-saml-cert/). + See [Application Integration Wizard SAML field reference](https://help.okta.com/okta_help.htm?type=oie&id=csh-attribute-statements-saml) for details. diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md index 1d406e45e98..0d7c2753710 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/saml2/see-also.md @@ -1,2 +1,4 @@ * See [Publish an OIN integration](https://developer.okta.com/docs/guides/submit-app-overview/) for information on submitting your integration for publication in the OIN. -* See [SAML technical questions](https://developer.okta.com/docs/concepts/saml/faqs/) for answers to common questions about SAML integrations. \ No newline at end of file +* See [SAML technical questions](https://developer.okta.com/docs/concepts/saml/faqs/) for answers to common questions about SAML integrations. +* For an overview of how Okta uses SAML, see the [SAML concept](/docs/concepts/saml/) topic. +* For the SAML 2.0 specification, see the [SAML 2.0 Technical Overview](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). diff --git a/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md b/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md index 88b536b0d01..a5f461c5dcc 100644 --- a/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/custom-url-domain/main/index.md 
@@ -110,7 +110,7 @@ The third generation of the Okta Sign-In Widget doesn’t guarantee the stabilit * Okta supports 2048, 3072, and 4096-bit keys for the private key that you upload. However, your certificate chain can use keys of any size. -* If you configure any SAML or WS-Fed integrated apps in your org, review the setup instructions for [SAML SSO](/docs/guides/build-sso-integration/saml2/main/) or [WS-Fed SSO](https://help.okta.com/okta_help.htm?id=ext_Apps_Configuring_WS_Federation). Update those SAML or WS-Fed Service Provider integrations to use the new custom URL in the metadata. Your customers then see the new custom domain rather than the Okta org domain. +* If you configure any SAML or WS-Fed integrated apps in your org, review the setup instructions for [SAML SSO](/docs/guides/create-an-app-integration/saml2/main/) or [WS-Fed SSO](https://help.okta.com/okta_help.htm?id=ext_Apps_Configuring_WS_Federation). Update those SAML or WS-Fed Service Provider integrations to use the new custom URL in the metadata. Your customers then see the new custom domain rather than the Okta org domain. * If you sign a user in with your new custom domain, they may need to sign in more than once. If your user tries to SSO into previous OIDC integrations that are made with the org domain, they're prompted to sign in again. To avoid this, you need to change the issuer in these integrations to your custom URL in both the Okta dashboard and your codebase. diff --git a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md index e5cbf6f92b7..0c8e85c9adc 100644 --- a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md +++ b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md @@ -35,7 +35,7 @@ Okta supports two protocols for handling federated SSO: OpenID Connect (OIDC) an | **Benefits** |
  • A newer protocol with widespread and growing use
  • Best Okta customer configuration experience
  • Ideal for mobile and cloud apps
|
  • Many people are familiar with SAML because it's an older protocol
  • Widely used federation protocol for SSO in web apps
  • Many SaaS providers support SAML integration to grant SSO access to end users
| | **Technology** |
  • An identity layer on top of the [OAuth 2.0](https://oauth.net/2/) protocol
  • Verifies end user identity and obtains profile information
  • Lightweight and REST-based
|
  • XML-based messages
  • The specification doesn’t have user consent, although it can be built into the flow
| | **Resources** |
  • [OpenID Connect Foundation](https://openid.net/connect/)
|
  • [SAML 2.0 Technical Overview](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html)
| -| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/build-sso-integration/openidconnect/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/build-sso-integration/saml2/main/)
| +| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/build-sso-integration/openidconnect/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/create-an-app-integration/saml2/main/)
| > **Note:** For specific OIDC and SAML protocol features not supported in the OIN, see [OIN submission limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). @@ -99,7 +99,7 @@ Ready to get started? Choose how you want to implement your SSO app integration: Build an Okta SSO integration with OIDC -Build an Okta SSO integration with SAML +Build an Okta SSO integration with SAML
diff --git a/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md b/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md index 17cf7057566..d68d7b89357 100644 --- a/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/saml-tracer/main/index.md @@ -15,7 +15,7 @@ This guide explains how to test a SAML app implementation with the SAML-tracer b #### What you need -A SAML app to test. See [Prepare a SAML integration](/docs/guides/build-sso-integration/saml2/main/#prepare-a-saml-integration). +A SAML app to test. See [Prepare a SAML integration](/docs/guides/create-an-app-integration/saml2/main/#prepare-a-saml-integration). --- @@ -255,4 +255,4 @@ SAML responses are signed and contain the profile attributes of the person who r * [SAML overview](https://developer.okta.com/docs/concepts/saml/) * [SAML FAQ](https://developer.okta.com/docs/concepts/saml/faqs/) -* [Prepare a SAML integration](/docs/guides/build-sso-integration/saml2/main/#prepare-a-saml-integration) +* [Prepare a SAML integration](/docs/guides/create-an-app-integration/saml2/main/#prepare-a-saml-integration) diff --git a/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md b/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md index 941ab624a98..f17eda8f5f2 100644 --- a/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/updating-saml-cert/main/index.md @@ -15,7 +15,7 @@ Upgrade Okta SAML apps from using SHA1 certificates to more secure SHA256 certif #### What you need -A SAML app to upgrade. See [Building a SAML SSO integration](/docs/guides/build-sso-integration/saml2/main/#prepare-your-integration). +A SAML app to upgrade. See [Building a SAML SSO integration](/docs/guides/create-an-app-integration/saml2/main/#prepare-your-integration). --- 
diff --git a/packages/@okta/vuepress-site/docs/release-notes/2021/index.md b/packages/@okta/vuepress-site/docs/release-notes/2021/index.md index 7242c5bfb74..87faa96ea64 100644 --- a/packages/@okta/vuepress-site/docs/release-notes/2021/index.md +++ b/packages/@okta/vuepress-site/docs/release-notes/2021/index.md @@ -267,7 +267,7 @@ The `audience` parameter of the `/authn` [endpoint](/docs/reference/api/authn/#p #### SAML assertion preview populates with real data -After a developer creates a SAML App integration in the Okta Admin Console, the preview of a generated SAML assertion now uses real data instead of mock data. See [Create a SAML integration](/docs/guides/build-sso-integration/saml2/main/#create-a-saml-integration). +After a developer creates a SAML App integration in the Okta Admin Console, the preview of a generated SAML assertion now uses real data instead of mock data. See [Create a SAML integration](/docs/guides/create-an-app-integration/saml2/main/#create-a-saml-integration). #### Dynamic Issuer Mode is EA in Preview From 6d2bcc360de05d0a32a669ca7ff85afebecfca41 Mon Sep 17 00:00:00 2001 From: brentschaus-okta Date: Fri, 29 May 2026 10:04:10 -0400 Subject: [PATCH 24/28] removes deleted files --- .../guides/build-sso-integration/index.md | 10 -- .../main/openidconnect/prep.md | 145 ------------------ .../main/openidconnect/see-also.md | 5 - 3 files changed, 160 deletions(-) delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md delete mode 100644 packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md deleted file mode 100644 index 66f9a8594fe..00000000000 
--- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/index.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: Build a Single Sign-On (SSO) integration -excerpt: Build an SSO app integration using SAML or OIDC for the OIN. -meta: - - name: description - content: Use this guide to learn how to build a federated Single Sign-On integration with Okta. -layout: Guides -sections: - - main ---- diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md deleted file mode 100644 index eba73113c2f..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/prep.md +++ /dev/null 
@@ -1,145 +0,0 @@ -If you haven't built the OIDC service in your app yet, review the [OAuth 2.0 and OpenID Connect Overview](/docs/concepts/oauth-openid/). - -For OIDC integrations that you want to publish in the OIN catalog, review the following implementation topics: - -1. Use the Authorization Code flow with client secrets for your app. Select **Web Application** as the OIDC app type when you create your app integration in your Okta org. -1. [Determine the scopes](#scopes) that you require for your OIDC client (your app). -1. Consider how your app stores [customer client credentials](#oidc-customer-org-credentials). -1. Understand how to [validate tokens](#token-validation) in your OIDC client. - - > **Note:** You can't use the Okta SDKs to validate access tokens for apps in the OIN. This is due to the OIN restriction of using an org authorization server and the Authorization Code flow. - -1. Implement credential rotation in your app. - - Your app must support automatic credential rotation. See [key rotation](#key-rotation). -1. Determine the sign-in redirect URIs for your app. - - A redirect URI is where Okta sends the authentication response and ID token during the sign-in flow. You can specify more than one URI if required. - -1. [Consider rate limits](#rate-limit-considerations) when you build your integration. - -After you've built the SSO integration in your app with the previous guidance list, test it with an Okta app integration instance. See [Create your integration in Okta](#create-your-integration-in-okta). - -### OIDC customer org credentials - -Okta uses a [multi-tenant](/docs/guides/oin-sso-overview/#okta-organization-and-multi-tenancy) local credential system for OIDC integrations. When your customer adds your integration in their Okta org, they obtain a unique set of OIDC credentials. Each instance of your app integration inside a customer org has a separate set of OIDC client credentials that are used to access your app. 
- -This multi-tenant approach differs from other IdPs that use a global credential system, where a given app has the same customer credentials across all orgs. - -See the [OIN multi-tenancy](/docs/guides/submit-app-prereq/main/#oin-multi-tenancy) requirement. - -You must track client credentials for each app integration instance for your app. For example, consider a scenario where your app integration is added to 10 separate customer orgs. Seven of those customers create a single instance of your app integration. However, the other three customers each create two separate instances of your app integration so they can use different configuration options. This scenario creates a total of 13 sets of client credentials for your app that you need to track. - -### Determine the OAuth 2.0 flow to use - -> **Note:** Quickstarts and example links provided in this section may use features not supported in the OIN. For example, the use of a custom authorization server isn't supported. - -Select the OAuth 2.0 flow to use based on your app: - -* For web apps: - - Okta mandates the [Authorization Code flow](/docs/guides/implement-grant-type/authcode/main/). This flow is used for apps with a dedicated server-side backend capable of securely storing a client secret. The app integration can also exchange information with an authorization server through trusted back-channel connections. - > **Note:** The implicit flow is extremely challenging to implement securely. Therefore, Okta doesn’t recommend its use for token exchange in web apps. If your use case requires the use of an implicit flow for token exchange, contact [Okta Support](https://support.okta.com). - -* For single-page apps (SPA) and mobile apps: - - The OIN doesn’t support direct authentication from SPAs or native mobile apps. Instead, your backend systems must handle authentication. - -In this architecture, your SPA or mobile app shouldn’t manage tokens directly. 
Instead, use an intermediary system, such as an API gateway or a backend-for-frontend service, to facilitate communication between your client app and the resource server. Okta recommends implementing the authorization code flow for secure authentication and token exchange. - -> **Notes:** -> * Ensure that you select **Web Application** as the OIDC app type when you create your app integration in your Okta org. -> * Native and mobile app integrations aren't accepted as OIDC app integrations in the OIN unless they use server-side authentication patterns. Set up your app to use an authentication flow that allows your client app to talk to your SaaS backend. Your SaaS backend can then securely communicate with Okta through trusted back-channel connections. See [Implement the authorization code flow](/docs/guides/implement-grant-type/authcode/main/) to implement the OAuth 2.0 flow - -When you follow these guides, be aware of the authorization server used. Most of the examples show you how to make an `/authorize` or `/token` request using a [custom authorization server](/docs/concepts/auth-servers/#custom-authorization-server). To support the potentially large number of Okta orgs accessing it through the OIN, an OIDC integration can't use a custom authorization server (this includes the `default` server). Therefore, for OIN OIDC apps, you can only use the [org authorization server](/docs/concepts/auth-servers/#org-authorization-server). 
- -For example, the following are the various `/authorize` request URLs for the different authorization servers: - -**custom authorization server**: `https://{customerOktaDomain}/oauth2/{authorizationServerId}/v1/authorize?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectURI}&state={state}` - -**default custom authorization server**(`{authorizationServerId}=default`): `https://{customerOktaDomain}/oauth2/default/v1/authorize?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectURI}&state={state}` - -**org authorization server**:`https://{customerOktaDomain}/oauth2/v1/authorize?client_id={clientId}&response_type=code&scope=openid&redirect_uri={redirectURI}&state={state}` - -Make sure you only use the **org authorization server** URL. - -> **Notes:** -> * When you use the org authorization server, the issuer URL is `https://{yourOktaDomain}`. -> * The `refresh_token` option isn't supported for apps published in the OIN. - -### Scopes - -Your OIDC client needs to use scope values to define the access privileges being requested with individual access tokens. The scopes associated with access tokens determine what resources are available when the tokens are used to access the protected endpoints. You can use scopes to request that specific sets of values be available as claim information about the end user. - -The only scope that you must declare is `openid`. When the authentication request is sent to Okta, the `openid` scope identifies the request as being an OIDC request. 
- -Other optional scopes available (these are returned from the `/userinfo` endpoint): - -* `profile`: The end user's default profile claims: `name`, `family_name`, `given_name`, `middle_name`, `nickname`, `preferred_username`, `profile`, `picture`, `website`, `gender`, `birthdate`, `zoneinfo`, `locale`, and `updated_at` -* `email`: Requests access to the `email` and `email_verified` claims - - > **Note:** Don't rely on the `email_verified` scope-dependent claim returned by an OIDC integration to evaluate whether a user has verified ownership of the email address associated with their profile. - -* `address`: Requests access to the `address` claim -* `phone`: Requests access to the `phone_number` and `phone_number_verified` claims - -> **Note**: The following scopes aren't supported for integrations published in the OIN: -> * `offline_access` scope (since refresh tokens aren't supported) -> * Custom scopes (such as the `groups` scope). You can only request the [OIDC scopes](https://developer.okta.com/docs/api/openapi/okta-oauth/guides/overview/#scopes). You can't configure custom scopes. - -Okta uses access policies to decide whether to grant scopes. If any of the requested scopes are rejected by the access policies, Okta rejects the request. - -### Uniform Resource Identifier (URI) - -There are three URIs that you need to consider when creating an OIDC app for the OIN: - -1. **Sign-in redirect URIs**: After the user is successfully authorized by Okta, this is the callback location where the user is directed along with the authorization code. This URI must exactly match at least one of the redirect URI values that are pre-registered in the Okta app integration settings. -2. Optional. **Initiate login URI**: This URI is used if the app is launched from the End-User Dashboard (known as an IdP-initiated flow), and you want your Okta integration to handle redirecting your users to your app to start the sign-in request. 
When users click your app in their End-User Dashboard, they’re redirected to the `initiate_login_uri` of the client app, which constructs the authentication request and redirects the end user back to the authorization server. This URI must exactly match the Initiate URI value that is pre-registered in the Okta app integration settings. -3. Optional. **Sign-out redirect URIs**: A location to send the user after a sign-out operation is performed and their session is terminated. Otherwise, the user is redirected back to the sign-in page. - -### Token validation - -For checking access tokens, the `/introspect` [endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/introspectCustomAS) takes your token as a URL query parameter and then returns a simple JSON response with the boolean `active` property. - -As OIN app integrations can't use custom authorization servers, you must use remote token validation (through the Introspection API endpoint) for access tokens and local validation for ID tokens. - -This remote validation incurs a network cost, but you can use it when you want to guarantee that the access token hasn't been revoked. - -> **Note:** You can't use the Okta SDKs for OIN app integration development if you need to validate access tokens with the org authorization server. This is due to the OIN restriction of using an org authorization server and the Authorization Code flow. - -### Key rotation - -The standard behavior in identity and access management is to rotate the keys used to sign tokens. Okta changes these keys typically four times a year (every 90 days), but that rotation schedule can change without notice. Okta automatically rotates the keys for your authorization server on a regular basis. - -Your OIDC client should periodically query the `/keys` endpoint and retrieve the JSON Web Key Set. This key set contains the public keys used to verify the signatures of the tokens received from Okta. 
You can cache the keys to improve performance, but be aware that verification fails when Okta automatically rotates the keys. - -See [key rotation](/docs/concepts/key-rotation/) or the `/keys` [API endpoint](https://developer.okta.com/docs/api/openapi/okta-oauth/oauth/tag/CustomAS/#tag/CustomAS/operation/oauthKeysCustomAS) for specific details on handling queries and responses. - -### Rate limit considerations - -When you construct your SSO app, be aware of the limits on requests to Okta APIs. For information on the rate-limit categories, see the [Rate limits overview](/docs/reference/rate-limits/). Okta provides three headers in each response to report on both concurrent and org-wide rate limits. - -For org-wide rate limits, the following three headers are provided: - -* `X-Rate-Limit-Limit`: The rate limit ceiling that applies to the current request -* `X-Rate-Limit-Remaining`: The amount of requests left for the current rate-limit window -* `X-Rate-Limit-Reset`: The time when the rate limit resets, specified in UTC epoch time - -To monitor org-wide rate limits, include code in your app to check the relevant headers in the response. - -For concurrent rate limits, the three headers behave a little differently: - -* When the number of unfinished requests is below the concurrent rate limit, request headers only report org-wide rate limits. -* After you exceed a concurrent rate limit, the headers report that the limit has been exceeded. -* When you drop back down below the concurrent rate limit, the headers switch back to reporting the time-based rate limits. -* The first two header values are always `0` for concurrent rate limit errors. The third header reports an estimated time interval when the concurrent rate limit may be resolved. -* The `X-Rate-Limit-Reset` time for concurrent rate limits is only a suggested value. There's no guarantee that enough requests can complete for the requests to go below the concurrent rate limit at the time indicated. 
- -The error condition resolves itself when there's another concurrent thread available. Normally no intervention is required. You may be exceeding the concurrent rate limit if you notice frequent bursts of HTTP 429 errors. Examine the activities in the log before the burst of HTTP 429 errors appeared. If you can't identify what is causing you to exceed the limit, contact [Okta Support](https://support.okta.com). - -You can request a temporary rate limit increase if you anticipate a large number of requests over a specified time period. Contact [Okta Support](https://support.okta.com) to open a ticket to permit the exception. See [How to Request a Temporary Rate Limit Increase](https://support.okta.com/help/s/article/How-can-we-request-to-have-the-rate-limit-for-our-org-temporarily-increased?language=en_US). - -> **Note:** The following public metadata endpoints aren't subjected to rate limits: -> * `/oauth2/v1/keys` -> * `/.well-known/openid-configuration` -> * `/.well-known/oauth-authorization-server` diff --git a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md b/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md deleted file mode 100644 index d78bbb117d4..00000000000 --- a/packages/@okta/vuepress-site/docs/guides/build-sso-integration/main/openidconnect/see-also.md +++ /dev/null @@ -1,5 +0,0 @@ -* [OAuth 2.0 vs. OpenID Connect](/docs/concepts/oauth-openid/#oauth-2-0-vs-openid-connect) -* [Express Configuration](/docs/guides/express-configuration/main/) -* [Okta Developer Forum: OIDC](https://devforum.okta.com/search?q=oidc) -* [Redirect authentication](/docs/guides/redirect-authentication/): for language and platform-specific redirect authentication guides -* [Embedded authentication](/docs/guides/embedded-authentication/): for language, platform-specific, and embedded-authentication use case guides \ No newline at end of file 
From 6ff4ce55382fe12c48053e7988113e084db3e878 Mon Sep 17 00:00:00 2001 From: brentschaus-okta Date: Fri, 29 May 2026 10:08:15 -0400 Subject: [PATCH 25/28] fix --- packages/@okta/vuepress-site/docs/guides/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/@okta/vuepress-site/docs/guides/index.md b/packages/@okta/vuepress-site/docs/guides/index.md index c7dbaf7e7d8..aa546a67da2 100644 --- a/packages/@okta/vuepress-site/docs/guides/index.md +++ b/packages/@okta/vuepress-site/docs/guides/index.md @@ -90,7 +90,6 @@ guides: - secure-hooks - single-logout - signup-oktahosted - - build-sso-integration - custom-sms-messaging - submit-app - submit-app-prereq From 97ccf30d1bb40af8a93c160714ba76f71d36c3bd Mon Sep 17 00:00:00 2001 From: brentschaus-okta Date: Fri, 29 May 2026 10:42:54 -0400 Subject: [PATCH 26/28] mirroring janu changes to avoid broken build check --- packages/@okta/vuepress-site/code/python/pysaml2/index.md | 4 ++-- .../vuepress-site/docs/concepts/how-okta-works/index.md | 2 +- .../docs/concepts/redirect-vs-embedded/index.md | 2 +- .../vuepress-site/docs/guides/add-private-app/main/index.md | 2 +- .../vuepress-site/docs/guides/oin-sso-overview/index.md | 6 +++--- .../scim-provisioning-integration-overview/main/index.md | 2 +- .../docs/guides/sign-in-overview/main/index.md | 1 - .../guides/submit-oin-app/main/openidconnect/what-need.md | 2 +- .../docs/guides/submit-oin-app/main/saml2/what-need.md | 2 +- .../docs/guides/submit-oin-app/main/scim/what-need.md | 2 +- .../vuepress-site/docs/reference/org-defaults/index.md | 2 +- 11 files changed, 13 insertions(+), 14 deletions(-) diff --git a/packages/@okta/vuepress-site/code/python/pysaml2/index.md b/packages/@okta/vuepress-site/code/python/pysaml2/index.md index 54772cda8be..4233443dd50 100755 --- a/packages/@okta/vuepress-site/code/python/pysaml2/index.md +++ b/packages/@okta/vuepress-site/code/python/pysaml2/index.md 
@@ -25,8 +25,8 @@ If you're already familiar with Okta, you can skip to the section titled "Config Before you can configure your application and PySAML2, set up an Okta application icon that enables an Okta user to sign in to your application with SAML and PySAML2. -To set up Okta to connect to your application, follow the [Build a Single Sign-On Integration](/docs/guides/build-sso-integration/saml2/main/) -guide. As noted in the [Create your integration](/docs/guides/build-sso-integration/saml2/main/#create-your-integration) instructions, there are two steps to change: +To set up Okta to connect to your application, follow the [Build a Single Sign-On Integration](/docs/guides/sign-in-overview/main/) +guide. As noted in the [Create your integration](/docs/guides/submit-app-prereq/main/) instructions, there are two steps to change: * In step \#9: Use **PySAML2 Example** instead of **Example SAML application**. * In step \#10: When entering the URL: diff --git a/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md b/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md index affbc61506f..1a9ed88d16f 100644 --- a/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/how-okta-works/index.md 
@@ -23,7 +23,7 @@ You can use Okta to [secure your APIs](/docs/guides/protect-your-api/) and appli ##### You have more than one app, and you want to implement Single Sign-On (SSO) -Use Okta to allow your users to [sign in to other applications](/docs/guides/build-sso-integration/) instead of requiring them to remember separate sets of credentials for each application or service. Users can simply sign in once and access your full suite of applications. +Use Okta to allow your users to [sign in to other applications](/docs/guides/sign-in-overview/main/) instead of requiring them to remember separate sets of credentials for each application or service. Users can simply sign in once and access your full suite of applications. ##### You want to enforce multifactor authentication (MFA) when your users want to access sensitive data diff --git a/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md b/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md index 14026f28010..e1c453f210b 100644 --- a/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md +++ b/packages/@okta/vuepress-site/docs/concepts/redirect-vs-embedded/index.md 
@@ -47,7 +47,7 @@ The user or system is redirected to Okta for credential verification. The user o You can customize your app's [domain](/docs/guides/custom-url-domain/) and the [Okta Sign-In Widget style](/docs/guides/custom-widget/) to match your brand. -> **Note**: [SSO](/docs/guides/build-sso-integration/) is supported for redirect authentication. This means that Okta may create a session (based on the Okta policies, for example). Other integrated apps can then use SSO to sign users in. +> **Note**: [SSO](/docs/guides/sign-in-overview/main/) is supported for redirect authentication. This means that Okta may create a session (based on the Okta policies, for example). Other integrated apps can then use SSO to sign users in. Consider, for example, when an organization uses Okta as its Identity Provider: diff --git a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md index 7db847b06f8..9ccbb5fa106 100644 --- a/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/add-private-app/main/index.md @@ -17,7 +17,7 @@ Use this guide to add a private, custom Single Sign-On (SSO) OpenID Connect (OID #### What you need -* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) guide +* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/sign-in-overview/main/) guide * An Okta org (such as an [Okta Integrator Free Plan org](https://developer.okta.com/signup)) --- diff --git a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md index 0c8e85c9adc..0c5fd3125d0 100644 --- a/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md +++ b/packages/@okta/vuepress-site/docs/guides/oin-sso-overview/index.md 
@@ -9,7 +9,7 @@ The Okta Integration Network (OIN) is a collection of over 7000 pre-built app in To get your app integration into the OIN: -1. [Build an app integration](/docs/guides/build-sso-integration/) using a free [Okta Integrator Free Plan org](https://developer.okta.com/signup/) and any of the wide array of [languages and libraries](/code/) supported by Okta. +1. [Build an app integration](/docs/guides/sign-in-overview/main/) using a free [Okta Integrator Free Plan org](https://developer.okta.com/signup/) and any of the wide array of [languages and libraries](/code/) supported by Okta. 1. [Submit your app](/docs/guides/submit-app-overview/) integration for verification and approval by the Okta OIN team. Your integration is available in the OIN for the Okta community to use after Okta validates and publishes your app integration. @@ -35,7 +35,7 @@ Okta supports two protocols for handling federated SSO: OpenID Connect (OIDC) an | **Benefits** |
  • A newer protocol with widespread and growing use
  • Best Okta customer configuration experience
  • Ideal for mobile and cloud apps
|
  • Many people are familiar with SAML because it's an older protocol
  • Widely used federation protocol for SSO in web apps
  • Many SaaS providers support SAML integration to grant SSO access to end users
| | **Technology** |
  • An identity layer on top of the [OAuth 2.0](https://oauth.net/2/) protocol
  • Verifies end user identity and obtains profile information
  • Lightweight and REST-based
|
  • XML-based messages
  • The specification doesn’t have user consent, although it can be built into the flow
| | **Resources** |
  • [OpenID Connect Foundation](https://openid.net/connect/)
|
  • [SAML 2.0 Technical Overview](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html)
| -| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/build-sso-integration/openidconnect/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/create-an-app-integration/saml2/main/)
| +| **Get started** |
  • [Build an Okta SSO integration with OIDC](/docs/guides/sign-in-overview/main/)
|
  • [Build an Okta SSO integration with SAML](/docs/guides/create-an-app-integration/saml2/main/)
| > **Note:** For specific OIDC and SAML protocol features not supported in the OIN, see [OIN submission limitations](/docs/guides/submit-app-prereq/main/#oin-limitations). @@ -97,7 +97,7 @@ Ramon is an Initech employee with access to the Acme app. Follow his SSO journey Ready to get started? Choose how you want to implement your SSO app integration: -Build an Okta SSO integration with OIDC +Build an Okta SSO integration with OIDC Build an Okta SSO integration with SAML diff --git a/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md b/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md index 020969d9d3b..143b04e9bd4 100644 --- a/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/scim-provisioning-integration-overview/main/index.md @@ -33,7 +33,7 @@ If you need more detail on the concepts behind lifecycle management with SCIM an While many ISVs have custom APIs for managing user accounts, this guide assumes that you use the [System for Cross-domain Identity Management](https://scim.cloud) (SCIM) protocol. The SCIM protocol is an industry standard that supports all the needed features for lifecycle provisioning. For more technical details on how you can take advantage of the SCIM API with Okta, see our [SCIM Protocol reference](https://developer.okta.com/docs/api/openapi/okta-scim/guides/). -Your Okta integration should use Single Sign-On (SSO) to initiate end user authentication. Learn how to set up your integration with SSO in our [Build a Single Sign-On (SSO) integration](/docs/guides/build-sso-integration/) guide. +Your Okta integration should use Single Sign-On (SSO) to initiate end user authentication. Learn how to set up your integration with SSO in our [Build a Single Sign-On (SSO) integration](/docs/guides/sign-in-overview/main/) guide. ## Guides 
diff --git a/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md b/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md index 3197741df9b..7bfdffb5bb3 100644 --- a/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/sign-in-overview/main/index.md @@ -54,4 +54,3 @@ If you’re a Classic Engine customer who wants to upgrade their apps to use Ide * [Add an external identity provider](/docs/guides/identity-providers/) * [Configure an access policy](/docs/guides/configure-access-policy/main/) * [Configure a global session policy and app sign-in policies](/docs/guides/configure-signon-policy/main/) -* [Build a Single Sign-On (SSO) integration](/docs/guides/build-sso-integration/openidconnect/main/) diff --git a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md index 37828ef0352..67f8eba634f 100644 --- a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md +++ b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/openidconnect/what-need.md @@ -1,3 +1,3 @@ -* A functional integration that's based on the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) or [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) guide +* A functional integration that's based on the [Sign users in overview](/docs/guides/sign-in-overview/main/) * Google Chrome browser with the Okta Browser Plugin installed (see [OIN Wizard requirements](/docs/guides/submit-app-prereq/main/#oin-wizard-requirements)) \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md index 37828ef0352..67f8eba634f 100644 
--- a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md +++ b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/saml2/what-need.md @@ -1,3 +1,3 @@ -* A functional integration that's based on the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) or [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) guide +* A functional integration that's based on the [Sign users in overview](/docs/guides/sign-in-overview/main/) * Google Chrome browser with the Okta Browser Plugin installed (see [OIN Wizard requirements](/docs/guides/submit-app-prereq/main/#oin-wizard-requirements)) \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md index a42ab223e93..53bcd171dc6 100644 --- a/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md +++ b/packages/@okta/vuepress-site/docs/guides/submit-oin-app/main/scim/what-need.md @@ -1,3 +1,3 @@ * Google Chrome browser with the Okta Browser Plugin installed (see [OIN Wizard requirements](/docs/guides/submit-app-prereq/main/#oin-wizard-requirements)) -* A functional integration that's based on the [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) and the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/) guide \ No newline at end of file +* A functional integration that's based on the [Build a SCIM provisioning integration](/docs/guides/scim-provisioning-integration-overview/main/) and the [Sign users in overview](/docs/guides/sign-in-overview/main/) guide. \ No newline at end of file diff --git a/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md b/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md index 7d207d1de5a..9216492db0c 100644 
--- a/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md +++ b/packages/@okta/vuepress-site/docs/reference/org-defaults/index.md @@ -24,7 +24,7 @@ The Integrator Free Plan org is provisioned with the features in the following t | Feature | Description | |---------------------------------------------|------------------------------------------------| -| SSO (Single Sign-On) | Provides capabilities to incorporate SSO authentication for your users. See [Build a Single Sign-On (SSO) Integration](/docs/guides/build-sso-integration/-/main/). | +| SSO (Single Sign-On) | Provides capabilities to incorporate SSO authentication for your users. See [Build a Single Sign-On (SSO) Integration](/docs/guides/sign-in-overview/main/). | | UD (Universal Directory) | Stores and manages your user information. See [What is the Okta Universal Directory](/docs/concepts/user-profiles/#what-is-the-okta-universal-directory). | | AMFA (Adaptive Multifactor Authentication) | Provides capabilities to implement authentication based on risk. See [Authentication factors](/docs/concepts/iam-overview-authentication-factors/). | | LCM (Lifecycle Management) | Manages the process of access to apps and resources over the lifecycle of a user. See [Overview of lifecycle management in the OIN](/docs/guides/oin-lifecycle-mgmt-overview/). | From 86bf8767ccc16d28814d53cea5f0e76fb76235c7 Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Fri, 29 May 2026 23:11:42 +0530 Subject: [PATCH 27/28] resolving broken link --- .../docs/guides/create-an-app-integration/main/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index 603d5d37c78..e0a9684bbbc 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md 
+++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -18,7 +18,7 @@ This guide explains what an app integration is, why you need one, and how to cre * An [Okta Integrator Free Plan org](https://developer.okta.com/signup/). * An admin user in the Integrator Free Plan org with either the super admin or the app and org admin roles. -* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/openidconnect/main/) guide. +* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/sign-in-overview/main/) guide. --- From ae1781a7f1dde188ec93a6f5a87cc03a415045ea Mon Sep 17 00:00:00 2001 From: sophiajose-okta Date: Fri, 29 May 2026 23:13:52 +0530 Subject: [PATCH 28/28] resolving broken link --- .../docs/guides/create-an-app-integration/main/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md index f8f84198a2a..64c13ea9fef 100644 --- a/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md +++ b/packages/@okta/vuepress-site/docs/guides/create-an-app-integration/main/index.md @@ -18,7 +18,7 @@ This guide explains what an app integration is, why you need one, and how to cre * An [Okta Integrator Free Plan org](https://developer.okta.com/signup/). * An admin user in the Integrator Free Plan org with either the super admin or the app and org admin roles. -* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/build-sso-integration/saml2/main/) guide. +* A functional SSO integration created in accordance with the [Build a Single Sign-On integration](/docs/guides/sign-in-overview/main/) guide. ---