Create an authorization server

Note: If you have an Okta Developer Edition (opens new window) account and you don't want to create any additional Custom Authorization Servers, you can skip this step because you already have a Custom Authorization Server created for you called "default". The ${authorizationServerId} for the default server is default.

  1. In the Admin Console, go to Security > API.

  2. On the Authorization Servers tab, select Add Authorization Server and enter the Name, Audience, and Description for the Authorization Server.

Note: An access token that is minted by a Custom Authorization Server requires that you define the Audience property and that it matches the aud claim that is returned during access token validation. The Audience property should be set to the URI for the OAuth 2.0 resource server that consumes the access token. Use an absolute path such as This value is used as the default audience (opens new window) for access tokens.

When you finish, the Authorization Server's Settings tab displays the information that you provided. If you need to edit any of the information, such as Signing Key Rotation, click Edit.