SOLVED - FailedSAMLAssertion for OKTA SSO

We were recently attempting to enable OKTA SSO to ISC, but were receiving a FailedSAMLAssertion error after configuration. After some troubleshooting, and reviewing similar posts, we determined the issue was that our admin accounts had multiple identity profiles in which one of the identity sources was from a delimited (flat) file. By removing the second identity profile from a flat file, the error was resolved. I believe this is because the SSO verification could not be completed, due to multiple accounts existing for the same user.

Yes, that is correct. The NameID in the SAML assertion must be unique (resolve only to a single identity).

If you are using email as the SAML Name ID, then only one identity in ISC must have that email.

You can use Okta ID as the SAML Name ID, as that is unique. If you do this then you need to index it so it is a searchable attribute.
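An added example, not part of the original thread and not SailPoint or Okta code: a pre-flight check that reads the NameID from an assertion and reports whether it resolves to exactly one identity in an export. The sample assertion, the identity records, the field names (`id`, `profile`, `email`, `oktaId`) and the case-insensitive matching are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample data: an unsigned assertion fragment and an identity export.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>Admin@Example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""

IDENTITIES = [  # hypothetical field names, not an ISC schema
    {"id": "id-001", "profile": "Okta", "email": "admin@example.com", "oktaId": "00u1"},
    {"id": "id-002", "profile": "Flat file", "email": "admin@example.com", "oktaId": None},
    {"id": "id-003", "profile": "Okta", "email": "user@example.com", "oktaId": "00u2"},
]

def name_id(assertion_xml):
    """Return the Subject NameID text from a SAML 2.0 assertion."""
    node = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion has no NameID")
    return node.text.strip()

def index_by(identities, attribute):
    """Group identities by a case-folded attribute value, skipping empty values."""
    index = defaultdict(list)
    for identity in identities:
        value = identity.get(attribute)
        if value:
            index[value.casefold()].append(identity)  # assumption: case-insensitive match
    return index

def resolve(assertion_xml, identities, attribute):
    """Return (status, matches); status is 'ok' only when exactly one identity matches."""
    matches = index_by(identities, attribute).get(name_id(assertion_xml).casefold(), [])
    status = {0: "no-match", 1: "ok"}.get(len(matches), "ambiguous")
    return status, matches

def ambiguous_values(identities, attribute):
    """List every attribute value shared by more than one identity."""
    return {value: [i["id"] for i in ids]
            for value, ids in index_by(identities, attribute).items() if len(ids) > 1}

if __name__ == "__main__":
    status, matches = resolve(ASSERTION, IDENTITIES, "email")
    print(status, [(m["id"], m["profile"]) for m in matches])
    print("shared emails:", ambiguous_values(IDENTITIES, "email"))
    print("shared Okta IDs:", ambiguous_values(IDENTITIES, "oktaId"))
```

The parser here is for diagnosis on a captured assertion only; it does not validate the signature and is not a substitute for the service provider's own SAML processing.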
