Michael Thackray 14

How to set up SSO via Okta to a Salesforce Sandbox Org?

We are getting stuck:

 

SAML Validator shows us the following error:

 "Subject: Unable to map the subject to a Salesforce user"

We tried using the standard usernames our userbase has in production and also the updated usernames as listed in the sandbox (where the '.sandboxname' is added as a suffix), and still get the above error.

As I understand it, if it works there should be the subject: username@domain.com Assertionid: randomlongstringofstuff.

Seems like we can't get the assertion to map correctly?

Any help super appreciated.

Abhinav (Salesforce Developers)
Hi Michael,

Are you following this doc?

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-in-Salesforce.html

Thanks!
Michael Thackray 14

Hey Abhinav,
 

Went through that documentation with our IT team for the setup and have done everything correctly, but we are still getting the above error.

Millie Allen
Establish the username and password within the application. Return to Okta and access or create the app integration in the OIN. Choose the Sign On tab or step for the app integration. Choose Users share a single username and password set by the administrator, and then click Next.
Laura Rieder-Mayring
According to this Okta help center article https://support.okta.com/help/s/article/Salesforce-error-The-audience-in-the-assertion-did-not-match-the-allowed-audiences?language=en_US, you might have to check your custom domain / entity ID settings and make sure to drop the sandbox name from them.

I ran into the same issue and it was not resolved by these suggestions; instead I used the default entity ID (https://saml.salesforce.com) in the Salesforce Single Sign-On Settings and kept the custom domain field in Okta blank; additionally I set the application username format in Okta to a custom one to replicate the same as for regular logins with user/pw (in Okta expression language: String.append(user.login, ".mysandbox")).
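
The two mismatches discussed in this thread (subject not mapping to a Salesforce user, audience not matching the entity ID) can be checked offline against a captured assertion. The following is an added example, not part of any post above and not Okta or Salesforce code; the function names and the sample assertion are constructed, and it assumes the Salesforce SSO setting maps the assertion subject to the Salesforce username.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real org); signature block omitted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed1" Version="2.0" IssueInstant="2023-01-01T00:00:00Z">
  <saml:Issuer>http://www.okta.com/EXAMPLE</saml:Issuer>
  <saml:Subject>
    <saml:NameID>jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://saml.salesforce.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def sandbox_username(login, sandbox):
    """Hypothetical helper mirroring String.append(user.login, ".mysandbox")."""
    return f"{login}.{sandbox}"

def check_assertion(xml_text, expected_username, expected_audience):
    """Diagnostic only: lists mismatches, does NOT verify the XML signature.
    Run it on an assertion you captured from your own IdP."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        problems.append("assertion has no Subject/NameID")
    elif name_id != expected_username:
        problems.append(f"subject {name_id!r} != Salesforce username {expected_username!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} lacks entity ID {expected_audience!r}")
    return problems

if __name__ == "__main__":
    want = sandbox_username("jane.doe@example.com", "mysandbox")
    for line in check_assertion(SAMPLE_ASSERTION, want, "https://saml.salesforce.com"):
        print("MISMATCH:", line)
```

With the constructed sample, the IdP still sends the production login, so the check reports a subject mismatch against the sandbox username while the audience passes.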