Okta.Sdk.Model.SamlApplicationSettingsSignOn
December 12, 2025 ยท View on GitHub
SAML 2.0 sign-on attributes. > Note: Set either destinationOverride or ssoAcsUrl to configure any other SAML 2.0 attributes in this section.
Properties
| Name | Type | Description | Notes |
|---|---|---|---|
| AcsEndpoints | List<AcsEndpoint> | An array of ACS endpoints. You can configure a maximum of 100 endpoints. | [optional] |
| AllowMultipleAcsEndpoints | bool | Determines whether the app allows you to configure multiple ACS URIs | |
| AssertionEncryption | SamlAssertionEncryption | [optional] | |
| AssertionSigned | bool | Determines whether the SAML assertion is digitally signed | |
| AttributeStatements | List<SamlAttributeStatement> | A list of custom attribute statements for the app's SAML assertion. See SAML 2.0 Technical Overview. There are two types of attribute statements: | Type |
| Audience | string | The entity ID of the SP. Use the entity ID value exactly as provided by the SP. | |
| AudienceOverride | string | Audience override for CASB configuration. See CASB config guide. | [optional] |
| AuthnContextClassRef | string | Identifies the SAML authentication context class for the assertion's authentication statement | |
| ConfiguredAttributeStatements | List<SamlAttributeStatement> | The list of dynamic attribute statements for the SAML assertion inherited from app metadata (apps from the OIN) during app creation. There are two types of attribute statements: `EXPRESSION` and `GROUP`. | [optional] |
| DefaultRelayState | string | Identifies a specific application resource in an IdP-initiated SSO scenario | [optional] |
| Destination | string | Identifies the location inside the SAML assertion where the SAML response should be sent | |
| DestinationOverride | string | Destination override for CASB configuration. See CASB config guide. | [optional] |
| DigestAlgorithm | string | Determines the digest algorithm used to digitally sign the SAML assertion and response | |
| HonorForceAuthn | bool | Set to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true` | |
| IdpIssuer | string | SAML Issuer ID | |
| InlineHooks | List<SignOnInlineHook> | Associates the app with SAML inline hooks. See the SAML assertion inline hook reference. | [optional] |
| ParticipateSlo | SloParticipate | [optional] | |
| Recipient | string | The location where the app may present the SAML assertion | |
| RecipientOverride | string | Recipient override for CASB configuration. See CASB config guide. | [optional] |
| RequestCompressed | bool | Determines whether the SAML request is expected to be compressed | |
| ResponseSigned | bool | Determines whether the SAML authentication response message is digitally signed by the IdP > Note: Either (or both) `responseSigned` or `assertionSigned` must be `TRUE`. | |
| SamlAssertionLifetimeSeconds | int? | Determines the SAML app session lifetimes with Okta | [optional] |
| SignatureAlgorithm | string | Determines the signing algorithm used to digitally sign the SAML assertion and response | |
| Slo | SingleLogout | [optional] | |
| SpCertificate | SamlSpCertificate | [optional] | |
| SpIssuer | string | The issuer ID for the Service Provider. This property appears when SLO is enabled. | [optional] |
| SsoAcsUrl | string | Single Sign-On Assertion Consumer Service (ACS) URL | |
| SsoAcsUrlOverride | string | Assertion Consumer Service (ACS) URL override for CASB configuration. See CASB config guide. | [optional] |
| SubjectNameIdFormat | string | Identifies the SAML processing rules. Supported values: | |
| SubjectNameIdTemplate | string | Template for app user's username when a user is assigned to the app |