Create SAML application for Mirror Gateway using OKTA
search cancel

Create SAML application for Mirror Gateway using OKTA


Article ID: 272431


Updated On:


CASB Gateway Advanced Mirror Gateway CASB Advanced Threat Protection CASB Audit CASB Gateway CASB Security Advanced CASB Security Advanced IAAS CASB Security Premium CASB Security Premium IAAS CASB Security Standard CASB Securlet IAAS CASB Securlet SAAS CASB Securlet SAAS With DLP-CDS


A SAML application must be created for MIG (Mirror Gateway) in OKTA prior to provisioning MIG.


In order to configure user initiated mirror gateway flow do the following:

1. Create a customer SAML application in your OKTA tenant.
2. Okta Configuration.
3. o365 Configuration.


1.1 Create a custom SAML application to be able to download the metadata file:

  • Log in to your OKTA tenant 
    Add Application
    Select Custom SAML 2.0 application: 

Create a new SAML 2.0 APP

Select an APP name (this information will only be used internally)
Select Do not display application to the end user ( this information will only be used internally) 


Click Next

The values in the SSO URL and the Audience URI will be provided by the MIG team following configuration. For the meanwhile use : as a place holder.

Add custom SAML attribute to the application :
IDPEmail  =

Mapping attributes for Office (Optional for Google)

Mirror gateway supports additional custom saml attributes that can be used to affect the structure of the saml response:

  • CASBUser - sets the user identifier used to access the CASB tenant, if missing the value of the NameID attribute is used. Should hold the user’s UPN
  • MIGNameID - changes the existing NameID attribute of the saml response. Should hold the user’s ImmutableID, be sure to verify the attribute name that holds it after the AD sync.

Click next
Finish the survey and click Finish.

The application will be created and presented:

Right click the Identity Provider Metadata link, and download the metadata file. 

Please provide the file to complete the provisioning process. 

2. Okta Configuration

On the previous step, we left two place holders in the OKTA custom SAML application configuration. 
Edit the application and replace them with the following values: