Okta OIDC Configuration for Self-Hosted Web App

If you're looking to authenticate your self-hosted web application with Okta OIDC and the external domain of the app differs from its internal domain, you'll need to follow a few steps.


Before you start, make sure your self-hosted web application meets the following prerequisites:

  • Axis rewrites the application's host portion (The external domain is different from the internal domain).
Example - Origin URL is different that exter

Example: Internal domain (Local Address) differs from external domain (Remote Address)

  • The web application is authenticated using Okta OIDC - OpenID Connect authentication.
Application should be defined with as OIDC - OpenID Connect as Sign-in method

Your Okta application should be defined with OIDC - OpenID Connect as the sign-in method

Step 1: Verify Application's Additional Domains

  1. In the Axis Management Console, go to Settings -> Applications. Then find the web application and click on Edit.
  2. Click on Advanced Settings.
  1. Review the Additional Domains and check if it contains Okta domains (or your organization's Okta custom domains, if applicable). If it does, remove them.

Step 2: Edit General Settings in Okta

  1. In your Okta console, navigate to ApplicationsApplications.
  2. Select the Okta application that is used to authenticate the web application.
  3. Navigate to the General tab.
  4. Scroll to the General Settings section and click on Edit.
  1. In the Login section, in the Sign-in redirect URIs field, click on Add URI.
  1. Copy the existing URI into the new URI item, and replace the original domain with the web application's external domain.
  1. Click on Save.
You should see the external domain along with the original domain

You should see the external domain along with the original domain