Create a new SAML identity provider in the Workspace ONE Access console for the Okta integration.


  1. Log in to the Workspace ONE Access console as the System administrator.
  2. Select Integrations > Identity Providers.
  3. Click Add Identity Provider and select Create SAML IDP.

    Create SAML IDP in Workspace One Access.

  4. In the New Identity Provider page, enter the following information.
    Option Description
    Identity Provider Name Enter a name for the new identity provider, such as Okta SAML IdP.
    Binding Protocol Select HTTP Post.
    Note: This field appears after you enter the metadata URL in the SAML Metadata section and click Process IdP Metadata.
    SAML Metadata
    1. In the Identity Provider Metadata text box, enter the metadata URL copied from Okta. For example:


    2. Click Process IdP Metadata.
    3. In the Identify User Using section, select NameID Element.
    4. In the Name ID format mapping from SAML Response section, click the + icon, then select the following values:

      Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

      Name ID Value: userPrincipalName

      Note: Select the User Attribute that the application username value defined in Okta will match.
    5. In the Name ID Policy in SAML Request section, select the same value that you selected for Name ID Format in the previous step:


    6. Leave the Send Subject in SAML Request (when available) check box unselected.
    Users Select the directories you want to authenticate using this identity provider.
    Network Select the networks that can access this identity provider.
    Authentication Methods Enter the following:

    Authentication Methods: Enter a name for the Okta authentication method, such as Okta Auth Method.

    SAML Context: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

    For example:
    The image displays the New Identity Provider form filled out with the values mentioned above.
  5. Click Add.