OKTA Integration to Experience cloud

Level 1

Hi,

 

I am looking to configure Federated ID login into the experience cloud, using OKTA as our IDP. Having followed the instructions provided in the following two links:

https://helpx.adobe.com/uk/enterprise/using/set-up-identity.html

https://helpx.adobe.com/uk/enterprise/kb/configure-okta-with-adobe-sso.html

 

I am now redirected to a url:

https://adobeid-na1.services.adobe.com/renga-idprovider/pages/federated/callback?error=state_not_pro...

 

With the message on screen:

An error occurred

This might be a sign of an IDP initiated login, which we don't support.

 

Could anyone enlighten me please as to the solution to this problem? The error message in the URL suggests that I have not provided a state, but I do not know what this state is.

 

Many thanks in advance for any help.

3 Replies

Employee Advisor

Hi @neilcbs 

 

Federated ID login (SSO) into the Experience Cloud is SP-initiated only, not IdP-initiated.

Thus, the correct workflow is as follows:

1. Go to experiencecloud.adobe.com

2. Enter email address 》 select option for company or school account

3. You are redirected to your IdP

4. Enter SSO credentials when prompted

5. On successful SAML assertion you are redirected back to the Experience Cloud

 

Hope this helps!

Josh
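
An added illustration, not part of the original replies and not Adobe's code: a minimal sketch of how a service provider can tie a callback to a login it started itself, so that a callback arriving without a state (as happens when the flow starts at the IdP) is refused. The class, function names, session ids and result strings are hypothetical.

```python
import hmac
import secrets


class ServiceProvider:
    """Toy SP that accepts a callback only for a login it started itself."""

    def __init__(self):
        self._pending = {}  # browser session id -> state issued for that session

    def start_login(self, session_id):
        # SP-initiated flow: mint an unguessable, single-use state, remember it
        # for this session, and send it to the IdP with the login request.
        state = secrets.token_urlsafe(32)
        self._pending[session_id] = state
        return state

    def handle_callback(self, session_id, returned_state):
        # Consume the stored value so a state can never be replayed.
        expected = self._pending.pop(session_id, None)
        if returned_state is None:
            return "rejected: no state provided"
        if expected is None:
            return "rejected: no login in progress for this session"
        if not hmac.compare_digest(expected.encode(), returned_state.encode()):
            return "rejected: state mismatch"
        return "accepted"


def sp_initiated_login(sp, session_id="browser-1"):
    # User starts at the SP; the IdP echoes the state back after authentication.
    state = sp.start_login(session_id)
    return sp.handle_callback(session_id, returned_state=state)


def idp_initiated_login(sp, session_id="browser-2"):
    # User clicks the app tile at the IdP: the SP never issued a state,
    # so the callback arrives without one.
    return sp.handle_callback(session_id, returned_state=None)


if __name__ == "__main__":
    sp = ServiceProvider()
    print(sp_initiated_login(sp))
    print(idp_initiated_login(sp))
```
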

Level 10
Do any of the answers below answer your initial question? If so, can you select one of them as the correct answer? If none of the answers already provided answer your question, can you provide additional information to better help the community solve your question?

Level 1

Hi @Joshua_Eisikovi 

I have reached this thread because we experienced the same issue using Google as IdP.

 

We performed the configuration steps explained in this article: https://support.google.com/a/answer/9291980

 

The Adobe icon appears in the Google Application Launcher (𝌠) for the users we set up (a certain group). However, when they click on it (IdP initiated process) we receive the error message described in the original post.

 

If the process is initiated by going to "experiencecloud.adobe.com" everything works ok.

 

Is there any way of enabling the IdP initiated SAML? Or is this feature in your roadmap?

 

Thanks and regards

 

Nicolas Trejo

IT Lead