Okta Developer Logo
  • Community
    • Forum
    • Blog
    • Toolkit
  • Pricing
  • Okta.com
  • Sign in to Okta
  • Guides
  • Concepts
  • Reference
  • Languages & SDKs
Sign Up
    • Home
    • Guides
      • Guides overview
      • Basics
        • Quickstart: Signing in your first user
          • Create your Okta organization
          • Using the Console
          • Add a user using Console
          • Register your app
          • Try signing in
          • Try our APIs and SDKs
        • Create an API token
          • Overview
          • Create the token
          • Token expiration and deactivation
          • Next steps
        • Enable CORS
          • Overview
          • Grant cross-origin access to websites
          • Test your configuration
          • Next steps
        • Find your Okta domain
          • Overview
          • Find your Okta domain
        • Find your application credentials
          • Overview
          • Find your app integration credentials
        • Share Application Key Credentials for IdPs across Apps
          • Overview
          • Generate a new credential for the source app
          • Update the source app to use the new certificate
          • Share the source app's key credential ID with the target app
          • Update the target app to use the new credential
          • Next steps
        • Set up SAML Tracer
          • Overview
        • Upgrade SAML Apps to SHA256
          • Overview
          • Get the app info
          • Generate a new application key credential
          • Update the key credential for the app to specify the new signing key id
          • Upload the new certificate to the ISV
          • Reverting to a SHA1 Certificate
        • Sign the Okta certificate with your own CA
          • Overview
          • List your apps
          • Generate a CSR
          • Sign the CSR
          • Publish a CSR with a certificate
          • Update the key credential
          • Clone the certificate
          • Upload the new certificate to the ISV
        • Set up self-service registration
          • Before you begin
          • Enable and configure a self-service registration policy
          • Disable the security image and additional self-service recovery options
          • Configure registration in the widget
          • Next steps
      • Sign Users In
        • Add an external Identity Provider
          • Before you begin
          • Create an App at the Identity Provider
          • Create an Identity Provider in Okta
          • Register an App in Okta
          • Create the Authorization URL
          • Use the Identity Provider to sign in
          • Next steps
        • Add multifactor authentication
          • Prerequisites
          • Set up your Okta org for MFA
          • Test the Postman setup
          • Create a test User
          • Enroll a factor
          • Activate the factor
          • Verify the factor
          • Next steps
        • Mobile App
          • Unlock a mobile app with biometrics
            • Overview
            • Add and configure packages
            • Store tokens
            • Discard access tokens
            • Retrieve refresh token
            • Next steps
          • Build a custom sign-in UI in your mobile app
            • Before you begin
            • Create an Okta application
            • Add and configure packages
            • Build the primary authentication form
            • Handle authentication responses
            • Next steps
          • Sign users in to your mobile app
            • Before you begin
            • Define a callback route
            • Create an Okta app integration
            • Add and configure packages
            • Open the sign-in page
            • Get info about the user
            • Check for a session at startup
            • Keep the user signed in
            • Use the access token
            • Next steps
          • Share a sign-in session with native mobile apps
            • Overview
            • Session and persistent Single Sign-On
            • Configure Two OpenID Connect Native Apps
            • Set up the first mobile app
            • Create a second mobile app
            • Optional Settings
            • Next steps
        • Sign users in to your single-page application
          • Before you begin
          • Define a callback route
          • Create an Okta app integration
          • Install the SDK
          • Configure the SDK
          • Add a button to sign in
          • Handle the callback from Okta
          • Require authentication
          • Get info about the user
          • Use the access token
          • Next steps
        • Sign users in to your web application
          • Before you begin
          • Understand the callback route
          • Create an Okta app integration
          • Add and configure packages
          • Redirect to the sign-in page
          • Require authentication
          • Get info about the user
          • Next steps
        • Sign users out
          • Before you begin
          • Define the sign-out callback
          • Sign users out of Okta
          • Sign users out of your app
          • Next steps
        • Configure Okta sign-on and App sign-on policies
          • Before you begin
          • Prompt for an MFA factor for a certain group
          • Prompt for an MFA factor when a user is outside the US
          • Next steps
      • Authorization
        • Implement the Authorization Code flow
          • Overview
          • Set up your Application
          • Use the Authorization Code flow
          • Exchange the code for tokens
          • Next steps
        • Implement the Authorization Code flow with PKCE
          • Overview
          • Set up your Application
          • Use the Authorization Code flow with PKCE
          • Exchange the code for tokens
          • Next steps
        • Create an Authorization Server
          • Overview
          • Create an authorization server
          • Create access policies
          • Create Rules for Each Access Policy
          • Create Scopes
          • Create Claims
          • Test the authorization server
        • Implement the Client Credentials flow
          • Overview
          • Set up your Application
          • Create custom scopes
          • Use the Client Credentials flow
          • Next steps
        • Implement the Implicit flow
          • Overview
          • Set up your Application
          • Use the Implicit flow
          • Next steps
        • Request user consent
          • Overview
          • Enable consent for scopes
          • Build the request
          • Verification
          • Revoke consent for a user
          • Troubleshooting
        • Implement the Resource Owner Password flow
          • Overview
          • Set up your Application
          • Use the Resource Owner Password flow
          • Next steps
        • Implement the SAML 2.0 Assertion flow
          • Overview
          • Identity Provider and Service Provider Configuration
          • Set up your application
          • Configure the Authorization Server policy
          • Use the SAML 2.0 Assertion flow
          • Next steps
        • Tokens
          • Build a JWT for Client Authentication
            • Overview
            • Gather Claims Information
            • Build a JWT With a Shared Key
            • Build a JWT With a Private Key
            • Next Steps
          • Customize tokens returned from Okta with custom claims
            • Overview
            • Request a token that contains the custom claim
            • Add a custom claim to a token
            • Include app-specific information in a custom claim
            • Next steps
          • Customize tokens returned from Okta with a Groups claim
            • Overview
            • Request a token that contains the custom claim
            • Add a Groups claim for the Org Authorization Server
            • Add a Groups claim for a Custom Authorization Server
            • Next steps
          • Customize tokens returned from Okta with a dynamic allow list
            • Overview
            • Request a token that contains the custom claim
            • Add a Groups claim with a dynamic allow list
            • Use a dynamic group allow list with the Org Authorization Server
            • Use a dynamic group allow list with a Custom Authorization Server
            • Next steps
          • Customize tokens returned from Okta with a static allow list
            • Overview
            • Request a token that contains the custom claim
            • Add a Groups claim with a static allow list
            • Use a static group allow list with the Org Authorization Server
            • Use a static group allow list with a Custom Authorization Server
            • Next steps
          • Refresh access tokens
            • Overview
            • Refresh token rotation
            • Get a refresh token
            • Use a refresh token
            • Next steps
          • Revoke Tokens
            • Overview
            • Revoke an access token or a refresh token
            • Remove a User session
          • Work with Okta session cookies
            • Overview
          • Validate Access Tokens
            • Overview
          • Validate ID Tokens
            • Overview
      • Brand and Customize
        • Customize the Okta-hosted error pages
          • Overview
          • Edit the error page
          • Use macros
          • Customization examples
          • Next steps
        • Customize the Okta URL domain
          • Before you begin
          • Gather information
          • Enable the custom domain
          • Update other Okta settings
          • Create a custom domain with Cloudflare
          • Next steps
        • Style the Widget
          • Before you begin
          • Style the self-hosted Sign-In Widget
          • Style the Okta-hosted Sign-In Widget
          • Customization examples
          • Next steps
        • Customize SMS messages
          • Before you begin
          • Customize the Okta Default SMS message
          • Add a translation
          • Next Steps
        • Customize email notifications and email domains
          • Before you begin
          • Customize email templates
          • Configure a custom email domain
          • Next steps
      • OIN Partner Integrations
        • Build a SCIM provisioning integration
          • Overview
          • Prepare your SCIM service
          • Test your SCIM API
          • Connect your SCIM service with a new Okta integration
          • Configure your Okta integration
          • Check the attributes and corresponding mappings
          • Test your Okta integration
          • Run through OIN QA tests
          • Next Steps
        • OIDC and the OIN: A Developer Primer
          • Overview
          • Background
          • Protocol-level requirements
          • Multi-tenancy
          • OIN integration best practices
          • Next steps
        • Build a Single Sign-On (SSO) integration
          • Overview
          • Prepare your integration
          • Create your integration
          • Specify your integration settings
          • Test your integration
          • Next Steps
        • Submit an app integration
          • Overview
          • Prepare a customer-facing configuration guide
          • Configure general settings
          • Configure protocol-specific settings
          • Understand the submission process
          • Update your published integration
      • API Security
        • Implement OAuth for Okta
          • Overview
          • Create an OAuth 2.0 app in Okta
          • Define allowed scopes
          • Get an access token and make a request
          • Scopes and supported endpoints
        • Implement OAuth for Okta with a Service App
          • Overview
          • Create a public/private key pair
          • Create a service app and grant scopes
          • Create and sign the JWT
          • Get an access token
        • Protect your API endpoints
          • Before you begin
          • Add and configure packages
          • Require authentication
          • Configure CORS
          • Next steps
        • Configure an access policy
          • Overview
          • Limit which scopes some clients can access
          • Configure a custom access token lifetime per client
          • Next steps
      • Deploy to Production
        • Deployment checklist
          • Pre-launch checklist
        • Deploy your app
          • Overview
          • Java
          • JavaScript
          • Mobile
        • Migrate to Okta
          • Prerequisites
          • Bulk Migration with Credentials
          • Import Users with Inline Password Hooks
      • Hooks
        • Common Hook Set-up Steps
          • Overview
          • Setting up an external service
          • Adding Basic Authorization and Body Parsing
          • Troubleshooting hook implementations
        • Event Hook
          • Overview
          • Initial verification
          • Parse the Event Hook request
          • Examine the Event Object
          • Enable and verify Event Hook
          • Preview and Test the Event Hook
        • Password Import Inline Hook
          • Overview
          • Get submitted credentials
          • Check credentials against user store
          • Send response
          • Activate
          • Import Users
          • Test your hook
        • Registration Inline Hook
          • Overview
          • Add request code
          • Send response
          • Activate and enable
          • Preview, test, and troubleshoot
        • Token Inline Hook
          • Overview
          • Set up the sample Express app
          • Parse the Token Inline Hook request
          • Check against data store
          • Send response
          • Activate and enable
          • Extend the sample Express app
          • Test the Token Inline Hook
    • Concepts
      • Concepts overview
      • API Access Management
      • Authentication
      • Authorization Servers
      • Event Hooks
      • Events API Migration
      • External Identity Providers
      • Feature Lifecycle Management
      • Role Assignment
      • How Okta works
      • Identity engine
      • Inline Hooks
      • Key Rotation
      • OAuth 2.0 and OpenID Connect Overview
      • Okta Data Model
      • Okta Organizations
      • Okta-Hosted Flows
      • Hosted Vs. Embedded
      • Policies
      • Social Login Overview
      • Understanding SAML
        • SAML Overview
        • SAML FAQ
      • Understanding SCIM
        • SCIM Overview
        • SCIM FAQ
    • Reference
      • Reference Overview
      • API Overview
      • Sign in Your Users
        • OpenID Connect & OAuth 2.0 API
        • Authentication
      • Manage Okta Objects
        • Administrator Roles
        • Administrator Roles
        • Apps
        • Authorization Servers
        • Domains
        • Dynamic Client Registration
        • Event Hooks
        • Event Types
        • Factors
        • Features
        • Groups
        • Identity Providers
        • Inline Hooks
        • Linked Objects
        • Mappings
        • MyAccount
        • Org
        • Policy
        • Schemas
        • Sessions
        • System Log
        • Templates
        • ThreatInsight
        • Trusted Origins
        • User Types
        • Users
        • Zones
      • Rate Limits
        • Rate limits overview
        • Authentication/End-user rate limits
        • Management rate limits
        • Other endpoint rate limits
        • Additional limits
        • Rate limit best practices
        • Client-based rate limits
        • DynamicScale
        • Previous rate limits
        • System Log events for rate limits
      • Error Codes
      • Import Hook
      • Okta Expression Language
      • Password Hook
      • Postman Collections
      • Registration Hook
      • Release Life Cycle
      • SAML Hook
      • SCIM Protocol
        • SCIM overview
        • SCIM V2.0
        • SCIM V1.1
      • Social IdP Settings
      • Token Hook
      • WebFinger
      • Advanced Server Access
        • Introduction to the Advanced Server Access API
        • ASA Attributes API
        • ASA Audits API
        • ASA Clients API
        • ASA Entitlements API
        • ASA Groups API
        • ASA Projects API
        • ASA Service Users API
        • ASA Teams API
        • ASA Users API
    • Languages & SDKs
      • Languages & SDKs overview
      • Mobile
        • Android
        • iOS
        • React Native
      • Front End
        • Angular
          • Add User Authentication to Your Angular App
          • Okta Sign-In Widget and Angular
          • Okta Auth JS and Angular
        • JavaScript
          • Add User Authentication to Your JavaScript App
          • Okta Sign-In Widget Guide
          • Okta Auth SDK Guide
        • React
          • Add User Authentication to Your React App
          • Okta Sign-In Widget and React
          • Okta Auth JS and React
        • Vue
          • Add User Authentication to Your Vue App
          • Okta Sign-In Widget and Vue
          • Okta Auth JS and Vue
      • Back End
        • .Net
        • Go
        • Java
        • Node.js
        • PHP
        • Python
        • REST
    • Release Notes
      • Overview
      • 2021
      • 2020
      • 2019
      • 2018
      • 2017
      • 2016

On This Page

Loading...
    • Okta Connector Agent Tool product
    • Okta Framework Tool product
    • Okta Android Verify product
    • Okta Android Mobile product
    • Okta Office365 product
    • Okta AD Agent Setup product
    • Okta Auth SDK product
    • Okta Confluence product
    • Okta Cloud Provisioning Connector Tool product
    • Okta Jira product
    • Okta LDAP Agent product
    • Okta LDAP Agent Setup product
    • Okta Radius Agent Setup product
    • Okta Password Sync Setup product
    • Okta Rsa SecurID Setup product
    • Okta SSO IWA product
    • Okta SAML Toolkit product
    • Okta SWA IE product
    • Okta SWA Firefox product
    • Okta SWA Safari product
    • Okta Sign-In Widget product
    • Okta OpenID Connect Emulator product
    • Okta Web App Client JS product
    • Okta SDK Packaging product
    • Okta Windows Shared product
    • Okta iOS Mobile product
    • Okta SWA Chrome product
    • Okta iOS Verify product
    • Okta Windows Verify product
    On This Page

      Need support? Ask on the forum.

      Social

      • GitHub
      • Twitter
      • YouTube
      • Forum
      • Blog RSS

      Contact & Legal

      • Contact our team
      • Contact sales
      • Terms & conditions
      • Privacy policy

      More Info

      • Pricing
      • Integrate with Okta
      • Change log
      • 3rd-party notes
      OKTA.COM Products, case studies, resources
      HELP CENTER Knowledgebase, roadmaps, and more
      TRUST System status, security, compliance
      Copyright © 2021 Okta.