My Oracle Support Banner

How To Configure SAML SSO on OBIEE 12c With OKTA Identity Provider (IdP) (Doc ID 2348673.1)

Last updated on JUNE 09, 2024

Applies to:

Business Intelligence Suite Enterprise Edition - Version to [Release 12c to 12g]
Information in this document applies to any platform.


The main purpose of the document is to provide the configuration steps to implement Security Assertion Markup Language (SAML) 2.0 Web Single Sign On (SSO) for OBIEE 12c using OKTA as Identity Provider (IdP).   If you encounter issues while implementing these steps, then they are not necessarily handled by OBIEE product support group. Based the issue, the appropriate support team (e.g. - OKTA IdP, HTTP Server, Loadbalancer, webLogic or OBI team may need to be engaged.

This is a Service Provider (SP) Initiated SSO which means the user directly access the Analytics SP URL that gets re-directed to OKTA for Authentication.


Before following the steps in this document, ensure:

  • The OBIEE environment is in working condition.
  • Verify the users login to Analytics from Default LDAP and|or external LDAP users (if any).
  • Take a complete domain backup before attempting to implement SAML.


For Oracle Analytics Server (OAS), please use the approach documented in:
SAML 2.0 and Kerberos Single Sign-On Configuration for Oracle Analytics Server (Doc ID 2761678.1)



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 1. Prerequisites
 1.1 OKTA Prerequisites
 1.2 OBIEE 12c Prerequisites
 2. Configuring BI Domain as a Partner (SP) with OKTA (IdP)
 3. Configuring BI Domain for SAML Authentication
 3.1 Adding OKTA as an Identity Provider Partner
 3.2 Configuring managed server ( bi_server1 ) as Service Provider
 4. Enable Analytics Application for SSO
 4.1 Update analytics.ear to include required security role
 4.2 Redeploy analytics application
 5. Enable SSO in EM
 6. Setup Authorization
 7. Restart all the Services
 8. Verify the SAML SSO Login
 9. Basic Troubleshooting
 9.1 HTTP 404 on /saml2/sp/acs/post

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.