Customize the Content Security Policy (CSP) for a custom domain
Early Access release. See Manage Early Access and Beta features.
You can customize the Content Security Policy (CSP) for a custom domain. This feature lets you control which URLs you can link to from your customized sign-in and error pages. You add URLs for trusted external resources, such as links to images, and then add these links to the code in your sign-in and error pages.
The default CSP provided by Okta can break customizations.
Customize the CSP
In the Admin Console, go to .
- To add trusted external resources for sign-in pages, click Edit in the Sign-in page section. To add trusted external resources for error pages, click Edit in the Error pages section.
- Click Settings.
- Click Edit in the Content Security Policy section.
- Create a list of Trusted external resources. Click Add and enter or paste the URL for a trusted external resource in the field.
All external resources that aren't in this list are considered untrusted and aren't allowed to appear on your sign-in or error pages.
- Enter a Validations report URI to send report details to.
- Choose an Enforcement option:
- Select Enforced to block resources that are untrusted by the CSP.
- Select Not enforced (Report-only mode) for testing purposes only.
- Click Save to draft.
- Click Preview to review your changes.
- Click Publish.