OKTA SAML issue

We can access the Cloudflare platform if we go to the Cloudflare website, and then it asks for logging via SSO; it redirects to Okta and authenticate as SSO and get it through to the Cloudflare home page (dashboard).

The only issue we are facing is if we are trying to access Cloudflare via chicklet on Okta, it doesn’t allow us to proceed and reflects the error “Invalid login session. Please try going to the URL of your application.”

I might suspect that the SSO/Recipient or Destination URL at the OKTA end is not correct, I did follow the steps mentioned https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/saml-okta with SSO URL https:// ```/cdn-cgi/access/callback.

Did someone faced this issue before or anyone can help us here.
Our motto is to use OKTA as a SAML not as OpenID.

Cloudflare’s dashboard doesn’t support SSO initiated authentication. You’ll want to unpublish the chiclet as it’ll just confuse people and never work.

I am afraid that this won’t work as the documentation from Cloudflare states that this feature/capability is there and should be available to use.
Because without the chicklet, User/Admin need to remember/save the URL for Cloudflare and downgrade the user experience in terms of accessing the portal.

Not aware of the documentation that says that, but you should definitely bring it to your account team’s attention so they can correct it.

At some point hopefully they’ll add support, but AFAIK it hasn’t been added at this time.