Troubleshooting Invalid SSO in Okta SAML Integration

Harness supports Single Sign-On (SSO) with SAML, integrating with your SAML SSO provider to enable you to log your users into Harness as part of your SSO infrastructure.

Users can see the InvalidSSO error in several scenarios while setting up the Okta SAML integration. This article walks through one of those scenarios and how to avoid it.

On the Create SAML integration page, the Application username is usually left set to Okta username.

However, your Okta username can be different from your email. To check, go to My Profile in Okta, where you will see details such as your Okta username and email.

If your Okta username is different from your email, change the Application username to Email in the SAML Integration section.

Users are invited to Harness using their email addresses. Once they log into Harness, their email addresses are registered with Harness as Harness Users. To use SAML SSO, Harness Users must use the same email addresses to register in Harness and the SAML provider.

If this is not set correctly, users will see the InvalidSSO error while testing the Okta app.

Also, if the configuration previously used Okta username and you have now changed it to Email, saving alone does not apply the change. Click Update Now on the application's sign-on settings page for the change to take effect.

Now you should be good to test the integration.
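To confirm what Okta actually sends during the test, you can decode the SAMLResponse captured from your own browser and compare its NameID (the value Okta fills from Application username) with the email the user was invited to Harness with. The following is an added example, not Harness or Okta code; the function names, the `jdoe` username and the `example.com` address are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def extract_name_id(saml_response_b64):
    """Return (value, format) of the Subject NameID in a base64 SAMLResponse.

    Troubleshooting aid for a response captured from your own test login;
    it does not verify the signature and cannot read encrypted assertions.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no readable NameID in SAML response")
    return node.text.strip(), node.get("Format", "")


def check_name_id(saml_response_b64, harness_email):
    """Compare the NameID with the email the user was invited to Harness with."""
    name_id, _ = extract_name_id(saml_response_b64)
    if name_id == harness_email:
        return "match"
    if name_id.lower() == harness_email.lower():
        return "case_mismatch"  # same address, different letter case
    return "mismatch"  # e.g. Okta username sent instead of email


def _sample_response(name_id):
    """Build a constructed, unsigned SAMLResponse for the demo below."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
        f"{name_id}</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed samples: Application username = Okta username vs. Email
USERNAME_RESPONSE = _sample_response("jdoe")
EMAIL_RESPONSE = _sample_response("jane.doe@example.com")

if __name__ == "__main__":
    for label, resp in (("Okta username", USERNAME_RESPONSE), ("Email", EMAIL_RESPONSE)):
        print(label, "->", check_name_id(resp, "jane.doe@example.com"))
```

A `mismatch` result with a non-email NameID indicates the Application username is still set to Okta username or the Update Now step has not been applied.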

OKTA SAML SSO Integration Documentation :