This summary clarifies settings that can be confusing or have different names. Be sure to refer to the specific Help page (if there is one) for each Identity Provider in case there are further details and settings.
----------------------
Identity Provider (IdP): The non-Wasp service that provides user authentication for access to the Wasp product.
Service Provider (SP): The Wasp Cloud software product.
SSO Prerequisites: User and group/role setup that match names.
----------------------
Wasp settings, SAML Service Configuration Valid checkboxes (at the bottom of the page)
Include RequestedAuthnContext
This should always start unchecked. This should only be checked for backwards compatibility if validation fails, due to using an older SAML server.
Okta:
Always force SAML signature validation
This Wasp setting depends on what is set on the IdP (Identification Provider). Generally, if the IdP requires verification certificates for signature validation, check this box.
Okta:
----------------------
SAML Claims/Name ID: Unique identifier for the user. Wasp requires this to be the user's email address.
Okta: Name ID format: EmailAddress
----------------------
SAML IdP Service provider Metadata file: Download the XML file to your PC from the (non-Wasp) authentication provider configuration page. Upload this saved file in the Wasp SSO settings page.
In the unlikely event that the XML file is not available, an alternate set of 3 items (from your SAML IdP Administrator) can be used: the SAML URL, 509 Certificate, and Issuer values.
Okta: SAML Signing Certificates, Actions button, Download certificate.
----------------------
SSO URL: May be referred to as "SSO Service URL", "SAML Post URL location", or "SAML Assertion Consumer Service (ACS) URL".
Found in Wasp's Settings page, in the formhttps://YourTenant.waspassetcloud.com/Account/Samlhttps://YourTenant.waspinventorycloud.com/Account/Saml
Okta: Single sign-on URL
Check the box for "Use this for Recipient URL and Destination URL"
----------------------
Entity Id: Found in Wasp's Settings page, in the formhttps://YourTenant.waspassetcloud.comhttps://YourTenant.waspinventorycloud.com
Okta: Audience URI (SP Entity ID)