Okta SAML authentication error


Hello Splunkers,

I am facing some difficulties with new Okta SAML authentication with Splunk enterprise, whenever user authenticate using OKTA getting an error as

"The 'Audience' field in the saml response from the IdP does not match the configuration. Ensure the configuration in Splunk matches the configuration in the IdP."

When I am checking Splunk logs with

index=_internal sourcetype=splunkd SAML

I can see a below-mentioned error

ERROR Saml - Failed to verify the assertion - The 'Audience' field in the saml response from the IdP does not match the configuration., Error details=Expected=,
Tags (3)
0 Karma


I have the same issues. 

Issue is fixed by correcting the EntityID in my saml configurations. 

0 Karma


Hey @sumanssah ,

Your problem seems to be the first among the listed troubleshooting steps.Refer this doc below:

let me know if this helps!!

0 Karma


I referred above-mentioned link, however, no success

0 Karma

Path Finder

this issue occured to me when i gave wrong entityId while adding SAML metadata file.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!