Configure settings for app integrations
You can configure additional settings for your app integration using any of the tabs on the app integration page.
About admin roles for this task
The administrator running this task must have at least one of the following roles:
- Super admin for the Okta org
- App admin for the Okta org
Read-only admins can see the settings for individual app integrations, but can't make any changes.
Before you begin
The admin must sign in to the Okta Admin Console.
Start this task
To access the settings page:
- In the Admin Console, go to Applications > Applications.
- In the main panel, click the app integration you want to update. You can also type the name in the Search bar.
Okta displays the settings page for the app integration, organized into several tabs. The tabs displayed depend on the type of app integration and what features are enabled for your org.
This tab shows the general app integration settings, including:
- App Settings: Configure application-specific settings such as the application label and visibility.
- Auto-launch: Applying this option only affects newly assigned users. Users who were already assigned to the app integration need to open the tile settings in their dashboard and select Auto-launch the app when user signs into Okta. When auto-launch is enabled here or by end users, signing in to Okta may cause more than one instance of the app to appear as an additional tab or window. This behavior is expected, and the user may safely close any unwanted tabs or windows.
- VPN Notification: This feature alerts end users when a VPN connection is required to connect to the app integration. When end users click the app integration tile, Okta displays a notification before launching the app. You can customize this notification to remind users about VPN requirements.
The VPN notification doesn't appear if the end user has enabled the Auto-launch option in the General settings of the app integration tile.
- App Embed Link: Use this section to copy an embed link for the app integration, redirect users to a custom login page, or redirect users to a custom error page.
After adding the app integration, you can return to the Sign On tab to configure or change any of your sign-in settings. The available options vary by app integration. See Configure Single Sign-On options.
You can configure your Sign on methods, Credentials Details, and the Sign On Policy for the app integration. See About app sign-on policies.
This tab is only available for app integrations whose native apps have been tested to work under Okta Mobility Management policies. See Enable access to managed mobile apps.
If provisioning is enabled for the app integration, this tab allows you to automate the creation, updates, and deactivation activities for user accounts to and from the external application. See Provision applications.
You can assign the app to users you import, either from an available list of users or from a CSV file. See Import users.
Use the Assign button to assign people and groups to the new app. Use the left-side Filters panel to switch between People and Groups views.
To assign a specific app integration to individual users or groups:
- Click Assign.
- Choose either Assign to People or Assign to Groups. An Assign <app name> to People or Assign <app name> to Groups dialog lists the available end users or groups who are not already assigned to the selected app integration.
- Click the Assign button next to each user or group for which you want this app assigned. When adding users for some apps, you may need to fill out the user details in the Attributes dialog.
- Assign more users or groups, or click Done.
Assigning individual users to app integrations is a time-consuming task, so a best practice is to assign the app integration using groups instead. See Assign a single app to groups.
Group push allows you to use your existing groups in Okta and push them to the external application. After a group has been pushed to the external application, Okta automatically sends any membership changes to the corresponding group in the external application. See About Group Push.
Group push requires that you enable API Authentication and Provisioning for the app integration. See Group Push prerequisites.
Okta API Scopes
OpenID Connect clients can access Okta APIs on behalf of a user. Scopes control the client access to API endpoints and determine which operations the client can perform. Detailed information on each scope is available by hovering over the tool-tip icon next to the scope name.
Scopes that end in .self only allow a resource to read or manage itself. Other scopes allow access to all resources of a certain type. For example, the okta.users.manage.self scope allows the app to manage only the signed-in user's profile and credentials, while the okta.users.manage scope allows the app to create new users and to manage the profile and credential information for all users.
Okta authorizes a request for any scope that you have granted consent to, provided that the client makes the request and the client user has the appropriate permission for the item. The user's permission level is determined by their Okta administrator role.
To enable consent for any scope, click Grant next to the name of the scope.
If you need to remove a previously granted scope, click Revoke next to the name of that scope.
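As an added example (not part of the Okta documentation or product), the following Python sketch reviews a list of granted scope names for least privilege, using the `.self` distinction described above to rank grants from broadest to narrowest. The `GRANTED` list is constructed sample input, and the `okta.<resource>.<action>[.self]` name layout is an assumption generalized from the two scope names given above.

```python
from dataclasses import dataclass

# Constructed sample: scope names as they might appear with consent granted
# on an app's Okta API Scopes tab. Not taken from a real org.
GRANTED = [
    "okta.users.manage",
    "okta.users.manage.self",
    "okta.users.read.self",
    "okta.groups.read",
]

@dataclass(frozen=True)
class Scope:
    name: str
    resource: str    # e.g. "users"
    action: str      # e.g. "read" or "manage"
    self_only: bool  # True when the name ends in ".self"

def parse_scope(name: str) -> Scope:
    """Split a scope name into resource, action and the .self marker."""
    parts = name.strip().split(".")
    self_only = parts[-1] == "self"
    if self_only:
        parts = parts[:-1]
    if len(parts) < 3 or parts[0] != "okta":
        raise ValueError(f"unrecognized scope name: {name!r}")
    return Scope(name.strip(), ".".join(parts[1:-1]), parts[-1], self_only)

def review(granted):
    """Return (scope_name, finding) pairs, broadest grants first."""
    scopes = [parse_scope(n) for n in granted]
    names = {s.name for s in scopes}
    findings = []
    for s in scopes:
        if s.self_only:
            rank, note = 2, "self-only: limited to the resource itself"
        elif s.action == "manage":
            rank, note = 0, f"broad write: all {s.resource}; confirm it is required"
        else:
            rank, note = 1, f"broad {s.action}: all {s.resource}"
        # A broad grant next to its .self variant suggests one is unneeded.
        if not s.self_only and s.name + ".self" in names:
            note += f"; {s.name}.self is also granted, check which the client needs"
        findings.append((rank, s.name, note))
    return [(name, note) for _, name, note in sorted(findings)]

if __name__ == "__main__":
    for name, note in review(GRANTED):
        print(f"{name:28} {note}")
```

Scopes listed first in the output are the ones to examine when deciding what to revoke.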