Create an authorization server

Create custom authorization servers to manage access between Okta and client applications.

Before you begin

Identify the scopes and claims in your client app that you want to register with Okta.

Start this procedure

  1. In the Admin Console, go to Security > API.

  2. In the Authorization Servers tab, click Add Authorization Server.
  3. In the Add Authorization Server dialog, enter the following information:
    • Name: A name to identify the server.

    • Audience: URI for the OAuth resource that consumes the Access Tokens. This value defines the default audience for Access Tokens.

    • Description: Optional. Information to help admins identify the purpose of this authorization server.

  4. Click Save.
  5. Optional. In the Settings tab, edit the following fields:
    • Issuer: If you enabled and defined a custom URL domain, the Issuer field defaults to the custom URL and appears in the format Custom URL (https://id.example.com). Use the dropdown arrow in the field to select the organization URL.

      Alternatively, you can choose Dynamic, which allows either the organizational or custom domain to be used, depending on the request domain.

      This is an Early Access feature. To enable it, contact Okta Support.

    • Signing Key Rotation: Automatic or manual. Use manual only for clients that are unable to poll the authorization server to update their list of signing keys automatically. If you use manual, Okta recommends that you rotate keys every three months.

Next Steps

Create API access scopes

Create API access claims

Create access policies

Test your authorization server configuration