Okta IDP Initiated RelayState

Todd picture Todd · Jun 17, 2016 · Viewed 8.3k times · Source

Can anyone tell me how to pass RelayState for an IDP initiated SSO connection. We have the SSO working but would like to deep link to a page within the service provider's application. They have instructed us on the RelayState to pass but I can't figure out how to format the URL for Okta. We are using the app embedded link and would like to append RelayState to the query string.

Answer

Zj Wine picture Zj Wine · May 2, 2017

For IdP initiated SSO (where you login to IdP first, then access SP), you can modify the RelayState under General SAML settings, like: edit default relaystate for IdP initiated sso

Note the app embed url is for IdP initiated SSO only, it shouldn't be used for SP initiated SSO as its IdP SSO URL.

When user accesses SP directly (without login to IdP first), it starts a SP initiated SSO. That's where you can append the ?RelayState=your_deep_link to the IdP SSO URL, so that after you login on IdP, it returns the deep link back to SP for you to redirect to.

And like @Thomas Kirk said, "you can find the IdP SSO URL url by clicking "View Setup Instructions" on the Sign On tab for the application in the admin console."