Page tree


The 3rd Party IDP page allows you to configure 3rd party IdP (identity provider) authentication for users with an email domain that matches the selected domain name. You can use the same IdP configuration to authenticate users from multiple domains, as long as the domains match the federated configuration. For more information, see Configuring IdP Authentication. The SSO Portal currently supports OIDC and SAML2.0 standard compliant IdP providers, including Okta, Azure AD, and ForgeRock.

Important Note

Information about configuring SAML federation described in this topic is relevant only to the BloxOne services configurable through the Cloud Services Portal. This information is not applicable to NIOS or the NIOS Grid. For information about how to authenticate admins using SAML in NIOS, see Authenticating Admins through SAML for NIOS 8.5 and Authenticating Admins through SAML for NIOS 8.4.


If MFA (multi-factor authentication) is already activated for the selected domain, you cannot activate the 3rd party IdP until you have deactivated MFA for that domain.

To configure 3rd party IdP settings, complete the following:

  1. Configuring IdP Authentication
  2. Generate audience keys
  3. Create a SAML 2.0 Application for OKTA
    Create a SAML 2.0 Application for Azure AD
    Create SAML 2.0 Federation for ForgeRock
  4. Map IdP user groups to CSP user groups (optional)
  5. Test 3rd party IdP authentication
  6. Activate 3rd party IdP authentication

You can also perform the following after you set up 3rd party IdP authentication:

  • No labels

This page has no comments.