Go to the Tinderbox administrator site for your Tinderbox domain, located at https://[your-tinderbox-subdomain].mytinder.com, where [your-tinderbox-subdomain] is the subdomain name you entered on the Okta Tinderbox General tab, shown below:
Navigate to Integrations > SAML, then enter the following (see screen shot at end of step for reference):
Check Enable SAML.
IDP SSO Target URL: Leave this blank.
Metadata URL: Copy and paste the following:
Sign into the Okta Admin dashboard to generate this value.
Protocol Binding: Select None.
Authn Context: Select PasswordProtectedTransport.
IDP Certificate Fingerprint: Leave this blank.
Certificate: Leave the default value: No file chosen.
Name Identifier Format: Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
Click Save.
Notes:
IDP-initiated flows, SP-initiated flows, and Just In Time (JIT) provisioning are all supported.
For JIT you should set Auto-Provision Users feature to YES in the SAML settings in your Tinderbox admin account.
Go to https://[your-tinderbox-subdomain].mytinder.com
Click Log in with Okta: