Create the identity provider record in Okta.

For additional information about how Okta handles external identity providers, see the Okta documentation on Identity Providers.

Procedure

  1. Log in to the Okta Admin console with Administrator privileges or any role entitled to add an Identity Provider.
  2. Navigate to Security > Identity Providers.
  3. Click Add Identity Provider.
  4. Enter a name for the identity provider. For example, Workspace ONE.
  5. Enter the following information:
    Option Description
    IdP Username idpuser.subjectNameId

    If you plan to send the username in a custom SAML attribute, define an appropriate expression. For information, see https://developer.okta.com/reference/okta_expression_language.

    Filter Uncheck the box.
    Match against Okta Username

    Adjust the selection as required for your environment and the values that you plan to send.

    See the Directory Alignment chapter for information.

    If no match is found Redirect to Okta sign-in page
    IdP Issuer URI Enter the entityID.

    This is the value you obtained from the identity provider metadata file from Workspace ONE. For example:

    https://tenant.vmwareidentity.com/SAAS/API/1.0/GET/metadata/idp.xml

    IdP Single Sign-On URL Enter the SingleSignOnService Location URL.

    This is the value you obtained from the identity provider metadata file from Workspace ONE. For example:

    https://tenant.vmwareidentity.com/SAAS/auth/federation/sso

    IdP Signature Certificate Browse and select the Signing Certificate file you downloaded from Workspace ONE.
    Tip: You may need to change the file extension or default browser filter to look for *.crt and *.pem files.

    add idp in okta

  6. Click Show Advanced Settings, scroll to the Request Authentication Context option, and select Device Trust.
    This setting specifies the context of the authentication request.

    device trust option in Advanced settings

  7. Click Add Identity Provider.
  8. Verify that the following information appears:
    • SAML Metadata
    • Assertion Consumer Service URL
    • Audience URI
    For example:

    add idp in okta

  9. Download and save the metadata file.
    1. Click the Download Metadata link.
    2. Save the metadata file locally.
    3. Open the metadata file and copy its contents.
      You will use this metadata when you configure the Okta Application Source in Workspace ONE Access.

What to do next

Configure the Okta Application Source. Configuring the Okta Application Source is mandatory.