Last Updated: Sep 16, 2024
Overview
The SAML connection does not work as expected, and the following error is displayed:
Oops!, something went wrong. You may have pressed the back button …
This article details the steps to set up a SAML connection between Okta (acting as the Identity Provider) and Auth0 (acting as the Service Provider).
Applies To
- SAML connection
- Okta (as Identity Provider) and Auth0 (as Service Provider).
Solution
Here are the steps to create a Generic SAML Enterprise connection between Okta and Auth0:
Okta Side Setup
- Sign in to the Okta Developer Console.
- Go to Create App Integration and choose SAML 2.0 from the options.
- In Single sign on URL, enter the Auth0 tenant’s login callback URL, i.e., https://YOUR_DOMAIN/login/callback?connection=YOUR_CONNECTION_NAME
- The connection name will be the same name that will be assigned when setting up the SAML Enterprise connection on the Auth0 side.
- If a Custom domain has been configured within the tenant, it should be the custom domain that is used in place of YOUR_DOMAIN and not the Auth0 default domain.
- Set the Audience URI (SP Entity ID), e.g., “urn:auth0:YOUR_TENANT:YOUR_CONNECTION_NAME”, where YOUR_TENANT is just the tenant name.
- Click Next and then Finish to complete the Okta application setup.
- When done, the login flow will be directed to the Sign On page for the newly-created app.
- Here, click View SAML Setup Instructions to find the Identity Provider Single Sign-On URL, which should look something like https://OKTA_TENANT_DOMAIN.okta.com/app/…/…/sso/saml, and the X.509 Certificate. Download the certificate for later use; it will need to be uploaded into the Auth0 SAML connection setup.
- Then, in Assignments, assign a user to the Okta application.
Auth0 Side Setup
- Log in to the Auth0 Dashboard.
- Navigate to Authentication > Enterprise.
- Click on the + sign next to the SAML connection.
- Give the connection the same name used previously when setting up the Single sign on URL and Audience URI in the Okta application.
- Set the Sign-in URL, which should look something like https://OKTA_TENANT_DOMAIN.okta.com/app/…/…/sso/saml and can be found in the Okta View SAML Setup Instructions.
- Upload the X.509 Certificate, which was downloaded from the Okta View SAML Setup Instructions screen described above.
- Click Save Changes at the bottom of the screen.
- On the Applications tab, toggle on the Application to create an association between it and the desired connection.
- The setup is now complete. To test, navigate to Dashboard > Authentication > Enterprise > SAML <connection name>, click the three dots on the right, and click the Try the connection link.
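
The steps above depend on three values agreeing: the Single sign on URL and Audience URI entered in Okta, and the connection name given in Auth0. The following Python check is an added example, not part of the original article or of Okta or Auth0 tooling; the function name and the sample domain, tenant and connection name are constructed, and it assumes the connection name must match exactly.

```python
from urllib.parse import urlsplit, parse_qs


def check_okta_sp_settings(sso_url, audience_uri, connection_name, expected_domain):
    """Return a list of mismatches between the Okta SAML app fields and the
    Auth0 connection. An empty list means the values are consistent."""
    problems = []

    # Single sign on URL: https://YOUR_DOMAIN/login/callback?connection=YOUR_CONNECTION_NAME
    url = urlsplit(sso_url)
    if url.scheme != "https":
        problems.append("Single sign on URL must use https")
    if (url.hostname or "") != expected_domain.lower():
        problems.append(f"URL host {url.hostname!r} is not {expected_domain!r}")
    if url.path != "/login/callback":
        problems.append(f"URL path {url.path!r} is not '/login/callback'")
    if parse_qs(url.query).get("connection") != [connection_name]:
        problems.append("connection parameter does not match the Auth0 connection name")

    # Audience URI (SP Entity ID): urn:auth0:YOUR_TENANT:YOUR_CONNECTION_NAME
    parts = audience_uri.split(":")
    if len(parts) != 4 or parts[:2] != ["urn", "auth0"]:
        problems.append("Audience URI is not urn:auth0:TENANT:CONNECTION")
    else:
        tenant, aud_connection = parts[2], parts[3]
        if not tenant or "." in tenant:
            problems.append(f"tenant {tenant!r} must be just the tenant name, not a domain")
        if aud_connection != connection_name:
            problems.append("Audience URI connection does not match the Auth0 connection name")
    return problems


if __name__ == "__main__":
    # Constructed sample values; this tenant has a custom domain configured,
    # so the callback must use it instead of the Auth0 default domain.
    bad = check_okta_sp_settings(
        "https://example-tenant.us.auth0.com/login/callback?connection=okta-saml",
        "urn:auth0:example-tenant.us.auth0.com:Okta-SAML",
        "okta-saml",
        "login.example.com",
    )
    for problem in bad:
        print("-", problem)
```
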