Using Okta as identity provider for mobile clients

First you need to create the Okta domain that you will use for your organization. A trial period (30 days) is available if you are not yet sure that Okta is what you need. You can create your domain and start your trial period here:

Create app from Template Neptune Mobile Client

When logged in as an Admin in your Okta account, go to Applications and press the "Browse App Catalog" button.


Search for Neptune Mobile Client and then press the Add button.


In the Sign On section of the app you can click on the "View Setup Instructions" button for more detailed instructions.

Create app without Template

First go to Applications and select "Add Application".


Next select "Create New App" instead of selecting one of the many templates.


In the first screen, select SAML 2.0:


Next, configure the SAML integration in Okta:


The provider name used as the Audience URI must match the provider name you have specified in transaction SAML2 in your SAP system:


After you click Finish in the application creation wizard in Okta, you can go to the Sign On tab to get further setup instructions:


With the setup instructions you can create a metadata file that you can upload in SAP transaction SAML2 when creating a new Trusted Provider:


Leave all default values in the wizard and just click "Next" and "Finish". In this example the logon to SAP uses the Logon Alias of the SAP user, which should contain the user's Okta username (email). We therefore need to set up "Specified NameID Formats" like this:

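Added example, not part of the original guide and not Okta or SAP tooling: a sketch of assembling the metadata file for the Trusted Provider upload, with the email NameID format used for the Logon Alias mapping. It assumes the setup instructions provide an issuer, a single sign-on URL and an X.509 signing certificate; the function names, URLs and certificate bytes below are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)


def pem_body(pem: str) -> str:
    """Strip PEM armor and whitespace; reject anything that is not base64 DER."""
    body = "".join(l.strip() for l in pem.splitlines() if "-----" not in l)
    der = base64.b64decode(body, validate=True)  # raises ValueError on stray characters
    if not der or der[0] != 0x30:                # a DER certificate starts with a SEQUENCE tag
        raise ValueError("certificate is not PEM/DER encoded")
    return body


def build_idp_metadata(issuer: str, sso_url: str, cert_pem: str) -> bytes:
    """Return SAML 2.0 IdP metadata (hypothetical helper, for illustration)."""
    if urlparse(sso_url).scheme != "https":
        raise ValueError("SSO URL must use https")
    entity = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": issuer})
    idp = ET.SubElement(entity, f"{{{MD}}}IDPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    # Signing certificate the service provider uses to verify assertions.
    key = ET.SubElement(idp, f"{{{MD}}}KeyDescriptor", {"use": "signing"})
    info = ET.SubElement(key, f"{{{DS}}}KeyInfo")
    x509 = ET.SubElement(info, f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = pem_body(cert_pem)
    # Schema order: NameIDFormat comes before SingleSignOnService.
    ET.SubElement(idp, f"{{{MD}}}NameIDFormat").text = EMAIL_NAMEID
    ET.SubElement(idp, f"{{{MD}}}SingleSignOnService",
                  {"Binding": POST_BINDING, "Location": sso_url})
    return ET.tostring(entity, encoding="utf-8", xml_declaration=True)


# Constructed sample input: a dummy DER blob, not a real certificate.
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
               + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(build_idp_metadata("https://idp.example.com/issuer",
                             "https://idp.example.com/sso/saml",
                             SAMPLE_CERT).decode())
```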