How to change Identity Providers

Description of Issue

Users authenticate with the current IdP and would like to change to a different one.

Context
  • Okta

  • Admin Center

  • IdP

  • Identity Provider

  • TID-W

  • SAML

  • OIDC

Cause

Resolution

Configuration

  1. As an Org Admin, log in to Admin Center

  2. Navigate to Identity Workforce > Identity Providers

  3. Click Add a new provider and select the provider from the drop-down

  4. Fill in the requested info, depending on whether the provider is OIDC or SAML

  5. Click Next through to the Test step

  6. Note: if you do not complete the setup for the new provider, it is left in a Staged status.

Test

  1. Click Test Identity provider configuration. This will launch a new tab to test logging into your new identity provider. This is optional but highly recommended. The account that is signed in will be tested against the federation.

  2. Verify the result of the test login and, if it is unsuccessful, re-check your IdP configuration

  3. Click Next

  4. Configuring the identity provider and obtaining a successful test result, but not adding domains in the next step, leaves the identity provider in an inactive state. It is configured correctly, but users are not yet using it to sign in.

Domains

  1. In the drop-down for Email domains, select the domains to use with the new identity provider

  2. Click Save and close

  3. The new identity provider should now show as In Use


Additional Information

Testing doesn't make the federation active. Adding a domain in the Domains step activates the federation for users with IDs from that domain.