All Developer Edition Orgs will be deactivated starting on July 18, 2025. Sign up for the new Integrator Free Plan to continue building and integrating. Learn more on the Okta Developer Blog

Instructions for

On this page

Create an app integration

This guide explains what an app integration is, why you need one, and how to create one.


Learning outcomes

  • Learn about app integrations in Okta.
  • Learn how to create the app integration.

What you need


About app integration

App integrations in Okta connect your Okta org to external apps and services. These integrations support several protocols that allow you to manage user access, authentication, and provisioning from a single or centralized platform.

With app integrations, you can:

App integrations can be:

The following table summarizes the key differences:

Feature Prebuilt/existing integration Custom integration API Service integration
Definition Integrations that are listed in the OIN app catalog (opens new window) Integrations that are created within the Okta org for internal use Integrations that have access to the Core Okta API using OAuth 2.0.
Benefit Provides broad visibility and seamless onboarding Ideal for prototyping or niche use cases Secure access to Okta APIs without user interaction
Protocols supported OIDC, SAML, SWA, WS-Fed, SCIM OIDC, SAML, SWA, SCIM OAuth 2.0
Security validation Reviewed and tested by Okta No external validation. Handled by the org admin or the developer. OAuth-based flow with limited scopes and tokens
Discoverability Listed in the public OIN app catalog Only visible in the org Not visible to end users
Use case Public SaaS apps Internal apps User sync, backend microservices

Supported protocols

Okta app integrations support standard protocols for both SSO (opens new window) and automated user provisioning:

These protocols allow you to provide secure, seamless access and automated user management for a wide range of apps and services.

How to create an app integration

You can add either a prebuilt app integration from the OIN or create a custom app integration based on your org’s needs.

Add a prebuilt/existing app integration

  1. Sign in to the Admin Console.
    1. Sign in to your Okta org (opens new window).
    2. Click Admin in the upper-right corner of the page.
  2. Go to Applications > Applications.
  3. Click Browse App Catalog.
  4. Search for the app integration you require. To search, perform one of these two options:
    • Type the app integration name in the Search bar. Select it from the dropdown or click See All Results to have everything displayed as tiles in the main panel. Click the tile to view its details.
    • Choose a Use Case and optional filters such as Functionality or Industry to filter the results. When you find the app integration you want, click it to view more details on the details page.
  5. Determine if this is the correct app integration for your needs. The details page provides a detailed description of the app integration, its use case, and supported functionality.
  6. Select the app from the catalog and click Add Integration.
  7. Enter the required information under General Settings, and then click Next.
  8. Select one of the sign-on methods on the Sign-On Options page. The sign-on options available depend on the access protocols supported by the app integration. See Configure SSO options (opens new window).

    Note: For SWA app integrations, you can't configure the sign-on options when Sync Password is configured as a provisioning option.

  9. Select a username format in the Application username format dropdown. This format is the default username value when assigning the app integration to users.

    Note: If you select None and the app integration has password or profile push provisioning features, then Okta prompts you to enter the username manually when you assign the app integration.

  10. Select a setting from the Update application username on dropdown list. This setting controls how you want the app integration to handle any updates to the user's Okta username.
  11. Select Password reveal if you want your end users to see the password used to connect to the external app. See Reveal the password of an app integration (opens new window).
  12. Click Done.

Okta adds an instance of the app integration to your org, and you can now assign it to your end users. See Assign app integrations (opens new window). If you need to update the settings for your app integration, including changing sign-in options, see Configure settings for app integrations (opens new window).

Create a custom app integration

You can add an app integration that doesn't exist in the OIN, using the App Integration Wizard (AIW). The wizard allows you to create an app integration and connect Okta with your SAML, OIDC, SWA, or SCIM app. You can also add SCIM provisioning to a custom app integration.

  1. Open the Admin Console for your org.

  2. Go to Applications > Applications.

  3. Click Create App Integration.

  4. Choose the integration type that matches your app’s requirements.

  5. Ensure that you have the following integration settings ready:

  6. Create the integration. See:

After you create your integration, you can assign it to your users in your org.

The integration you created is private and visible only within your own Okta org. If you want to make your app integration publicly available in the OIN, see Publish an OIN integration (opens new window).

Create an API Service Integration

You can also add any API service integration listed in the OIN catalog with their Okta tenant org. See API Service Integrations (opens new window).

To build, test, and submit your API service integration to the OIN catalog. See Build an API service integration (opens new window).

Test Your Integrations

Once your app is set up:

  1. Assign the app to a test user or group from Assignments.
  2. Log in to the Okta End-User Dashboard.
  3. Click the app and verify successful redirection/authentication.
  4. Review tokens or SAML assertions using developer tools or Okta logs.

See also