/mcpThe browser follows the hidden form POST instruction and posts the Assertion to the ACS URL on the service provider. 12 The service provider extracts the Assertion and validates the digital signature. Note The service provider uses this digital signature to establish the circle of trust with the IdP. 13 The service provider then grants access to the protected resource and provides the resource content by replying 200 OK to the browser. Note The service provider is responsible for resource authorization. For example, users may be authenticated successfully by the IdP, but still may not be able to log in to the Cisco Unified CM Administration interface unless they have administrator role permissions, as configured on Cisco Unified Communications Manager. Note The service provider sets its cookie here. If there is a subsequent request by the browser for an additional resource, the browser includes the service provider cookie in the request. The service provider checks whether a session already exists with the browser. If a sesMicrosoft Teamssion exists, the web browser returns with the resource content. 14 Java Requirements for SAML SSO Login to RTMT via Okta If you have SAML SSO configured with Okta as the identity Provider, and you want to use SSO to log in to the Cisco Unified Real-Time Monitoring Tool, you must be running a minimum Java version of 8.221. This requirement applies to 12.5(x) releases of Cisco Unified Communications Manager and the IM and Presence Service. SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs 12 SAML-Based SSO Solution Java Requirements for SAML SSO Login to RTMT via Okta