On This Page


You can deploy your Okta-protected app to many different hosting providers. You can also host it yourself.

If you're developing a Single-Page Application (SPA), you need to host it on a web server and configure all paths to redirect to index.html. This is because your framework handles the routing. You also need to force HTTPS.

If you're developing a server-side application, for example in Java, .NET, or Node.js, you likely only need to do three things after deploying your app:

  1. Configure your app (or server settings) to force HTTPS.
  2. Configure your app to read your Okta settings (for example, issuer, client ID, and client secret) from environment variables or a secrets provider (like HashiCorp Vault).
  3. Modify your Okta app to have sign-in and sign-out redirect URIs that match your production app.


If you need help or have an issue, post a question on the Okta Developer Forum (opens new window).