Troubleshooting IDP-initiated SSO with Okta: Remove Other SAML Providers

Troubleshooting IDP-initiated SSO failures with Okta

Problem

IDP-initiated SSO (logging in from your identity provider portal) fails while SP-initiated SSO (logging in from Sourcegraph) succeeds.

Cause

Sourcegraph allows only one SAML auth provider for IDP-initiated SSO. If multiple SAML providers are configured, IDP-initiated logins can fail.

Solution

1. Remove any additional SAML auth providers you are not using for IDP-initiated SSO (for example, OneLogin) from your site config.

2. Restart your Sourcegraph instance to apply the updated auth.providers site config.

3. Test IDP-initiated login from Okta again.

Notes

• SP-initiated SSO may continue to work without removing the extra provider; the restriction applies to IDP-initiated flows.

• Ensure Okta is configured correctly as the active SAML provider before testing.

Still having trouble?

If the problem persists after removing other SAML providers and restarting, contact support with configuration details and logs (without any sensitive credentials).