Grant cross-origin access to websites

You can enable CORS for websites that need cross-origin requests to the Okta API using the Developer Console.

Note: Make sure that you are using the Developer Console for these steps. If you see Classic UI in the top left of the page, click it and select Developer Console to switch.

  1. Select API and then Trusted Origins. From the Admin Console (Classic UI), select Security > API > Trusted Origins.
  2. Select Add Origin and then enter a name for the organization origin.
  3. In the Origin URL box, specify the base URL of the website that you want to allow cross-origin requests from.
  4. Make sure that CORS is selected as the Type. You can also enable the Redirect setting, which allows for redirection to this Trusted Origin after a user signs in or out.
  5. Click Save.

Note: If you don't enable CORS, or disable it at a later date, the list of websites is retained.