Create a New SAML Identity Provider in Workspace ONE Access

Create a new SAML identity provider in the Workspace ONE Access console for the Okta integration.

Procedure

In the New Identity Provider page, enter the following information.

Option	Description
Identity Provider Name	Enter a name for the new identity provider, such as `Okta SAML IdP`.
Binding Protocol	Select `HTTP Post`. Note: This field appears after you enter the metadata URL in the SAML Metadata section and click Process IdP Metadata.
SAML Metadata	In the Identity Provider Metadata text box, enter the metadata URL copied from Okta. For example: `https://yourOktaTenant/app/appId/sso/saml/metadata` Click Process IdP Metadata. In the Identify User Using section, select NameID Element. In the Name ID format mapping from SAML Response section, click the + icon, then select the following values: Name ID Format: `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` Name ID Value: `userPrincipalName` Note: Select the User Attribute that the application username value defined in Okta will match. In the Name ID Policy in SAML Request section, select the same value that you selected for Name ID Format in the previous step: `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` Leave the Send Subject in SAML Request (when available) check box unselected.
Users	Select the directories you want to authenticate using this identity provider.
Network	Select the networks that can access this identity provider.
Authentication Methods	Enter the following: Authentication Methods: Enter a name for the Okta authentication method, such as `Okta Auth Method`. SAML Context: `urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport`

For example:
The image displays the New Identity Provider form filled out with the values mentioned above.