On This Page

Okta Admins can upload their own SAML certificates to sign the assertion for Outbound SAML apps and to sign the AuthN request and decrypt the assertion for Inbound SAML.

Note: Okta as a SAML Service Provider is referred to as Inbound SAML. Okta as a SAML Identity Provider (IdP) is referred to as Outbound SAML.


To use your own SAML certificate, update the key credential for the affected apps or IdPs.

Outbound and Inbound SAML Applications

The general procedure is the same for both the Outbound and Inbound SAML applications. However, some of the API calls are different as described in the steps below. The general procedure contains the following steps:

Note: After you update the key credential, your users can't access the SAML app until you upload the new certificate to the ISV.

For information on using the Postman REST API test client for these steps, see Get Started with the Okta REST APIs.


If you need help or have an issue, post a question on the Okta Developer Forum (opens new window).