Okta.Sdk.Model.SamlApplicationSettingsSignOn

December 12, 2025 ยท View on GitHub

SAML 2.0 sign-on attributes. > Note: Set either destinationOverride or ssoAcsUrl to configure any other SAML 2.0 attributes in this section.

Properties

NameTypeDescriptionNotes
AcsEndpointsList<AcsEndpoint>An array of ACS endpoints. You can configure a maximum of 100 endpoints.[optional]
AllowMultipleAcsEndpointsboolDetermines whether the app allows you to configure multiple ACS URIs
AssertionEncryptionSamlAssertionEncryption[optional]
AssertionSignedboolDetermines whether the SAML assertion is digitally signed
AttributeStatementsList<SamlAttributeStatement>A list of custom attribute statements for the app's SAML assertion. See SAML 2.0 Technical Overview. There are two types of attribute statements:Type
AudiencestringThe entity ID of the SP. Use the entity ID value exactly as provided by the SP.
AudienceOverridestringAudience override for CASB configuration. See CASB config guide.[optional]
AuthnContextClassRefstringIdentifies the SAML authentication context class for the assertion's authentication statement
ConfiguredAttributeStatementsList<SamlAttributeStatement>The list of dynamic attribute statements for the SAML assertion inherited from app metadata (apps from the OIN) during app creation. There are two types of attribute statements: `EXPRESSION` and `GROUP`.[optional]
DefaultRelayStatestringIdentifies a specific application resource in an IdP-initiated SSO scenario[optional]
DestinationstringIdentifies the location inside the SAML assertion where the SAML response should be sent
DestinationOverridestringDestination override for CASB configuration. See CASB config guide.[optional]
DigestAlgorithmstringDetermines the digest algorithm used to digitally sign the SAML assertion and response
HonorForceAuthnboolSet to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true`
IdpIssuerstringSAML Issuer ID
InlineHooksList<SignOnInlineHook>Associates the app with SAML inline hooks. See the SAML assertion inline hook reference.[optional]
ParticipateSloSloParticipate[optional]
RecipientstringThe location where the app may present the SAML assertion
RecipientOverridestringRecipient override for CASB configuration. See CASB config guide.[optional]
RequestCompressedboolDetermines whether the SAML request is expected to be compressed
ResponseSignedboolDetermines whether the SAML authentication response message is digitally signed by the IdP > Note: Either (or both) `responseSigned` or `assertionSigned` must be `TRUE`.
SamlAssertionLifetimeSecondsint?Determines the SAML app session lifetimes with Okta[optional]
SignatureAlgorithmstringDetermines the signing algorithm used to digitally sign the SAML assertion and response
SloSingleLogout[optional]
SpCertificateSamlSpCertificate[optional]
SpIssuerstringThe issuer ID for the Service Provider. This property appears when SLO is enabled.[optional]
SsoAcsUrlstringSingle Sign-On Assertion Consumer Service (ACS) URL
SsoAcsUrlOverridestringAssertion Consumer Service (ACS) URL override for CASB configuration. See CASB config guide.[optional]
SubjectNameIdFormatstringIdentifies the SAML processing rules. Supported values:
SubjectNameIdTemplatestringTemplate for app user's username when a user is assigned to the app

[Back to Model list] [Back to API list] [Back to README]