• App Control Console: All Supported Versions
• Okta: All Supported Versions

1. Go to System Configuration > SAML Login.
2. In the Service Provider section, switch from "XML" to "Manual" view and take note of the following URLs:

   Entity ID: https://APPCSERVER/simplesaml/module.php/saml/sp/metadata.php/default-sp
   Single Sign-On URL: https://APPCSERVER/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

Login to Okta:

1. On the main page, click the "Admin" button on the top right.
2. Click "Add Applications" on the right side menu.
3. Click the "Create New App" button on the left.
4. Select "Web" and "SAML 2.0" and click "Create".
5. Enter App name and other options then click "Next".
6. Single sign-on URL use:

   https://APPCSERVER/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

7. Audience URI use:

   https://APPCSERVER/simplesaml/module.php/saml/sp/metadata.php/default-sp

8. Configure the Name ID Format to use Email Address
9. Application username: Email
10. Complete the internal app creation
11. On the next screen, right click "Identity Provider metadata" and select "Save link as" and save the XML file.

In the App Control console:

1. Go to  System Configuration > SAML Login.
2. Click "Add Identity Provider".
3. Enter a provider name (This will appear on the login page).
4. Click "Choose File" > point to the XML and Save.

You should now be able to login to the App Control console from the Applications section in the Okta app

• Manually from the Login Accounts menu in the console
• By logging in with an Active Directory user account first before attempting SAML

<  NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</NameID>