How to Create Zunos SAML App in Okta

NOTE: This will require you to create an application from within Okta


1. Click on “Add Application” from with the Applications menu in Okta Administration

  • 2. Click the “Create New App” button to start the build:

3. Platform: Web

  • 4. Sign on Method: SAML 2.0

  • 5. Click Create


6. App name is customizable, this example displays “Zunos"

  • 7. App logo is also customizable, users can implement the logo used here:



  • NOTE: App visibility is at user's discretion

  • 8. Click Next

9. Use the following guidelines to fill in the SAML Settings:



  • 10. Click Next

  • 11. Choose “I’m an Okta customer adding an internal app” and click “Finish”

  • Here is an example assertion:


<?xml version="1.0" encoding="UTF-8"?>

<saml2:Assertion ID="id28996579477688361800992104" IssueInstant="2020-06-08T12:56:16.305Z" Version="2.0"

    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">

    <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/Issuer</saml2:Issuer>

    <saml2:Subject>

        <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">userName</saml2:NameID>

        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

            <saml2:SubjectConfirmationData NotOnOrAfter="2020-06-08T13:01:16.499Z" Recipient="https://auth.zunos.com/Saml2/oktadevsaml/Acs"/>

        </saml2:SubjectConfirmation>

    </saml2:Subject>

    <saml2:Conditions NotBefore="2020-06-08T12:51:16.499Z" NotOnOrAfter="2020-06-08T13:01:16.499Z">

        <saml2:AudienceRestriction>

            <saml2:Audience>zunos:saml2</saml2:Audience>

        </saml2:AudienceRestriction>

    </saml2:Conditions>

    <saml2:AuthnStatement AuthnInstant="2020-06-08T12:56:16.305Z">

        <saml2:AuthnContext>

            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>

        </saml2:AuthnContext>

    </saml2:AuthnStatement>

</saml2:Assertion>


After setup is complete, users can access the IDP metadata.xml file from the application “Sign On” tab:


  • Download the “Identity Provider metadata” and supply it to Bigtincan for setup.