Create an authorization server
Create custom authorization servers to manage access between Okta and client applications.
Before you begin
Identify the scopes and claims in your client app that you want to register with Okta.
Start this procedure
- In the Admin Console, go to Security > API.
- In the Authorization Servers tab, click Add Authorization Server.
- In the Add Authorization Server dialog, enter the following information:
  - Name: A name to identify the server.
  - Audience: URI for the OAuth resource that consumes the Access Tokens. This value defines the default audience for Access Tokens.
  - Description: Optional. Information to help admins identify the purpose of this authorization server.
- Click Save.
- Optional. In the Settings tab, edit the following fields:
  - Issuer: If you enabled and defined a custom URL domain, the Issuer field defaults to the custom URL and appears in the format Custom URL (https://id.example.com). Use the dropdown arrow in the field to select the organization URL.
    Alternatively, you can choose Dynamic, which allows either the organizational or custom domain to be used, depending on the request domain.
    This is an Early Access feature. To enable it, contact Okta Support.
  - Signing Key Rotation: Automatic or manual. Use manual only for clients that are unable to poll the authorization server to update their list of signing keys automatically. If you use manual, Okta recommends that you rotate keys every three months.
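
Added example, not Okta's code: how a resource server would consume the Audience, Issuer and Signing Key Rotation settings above, checking `iss` and `aud` and re-polling the published key set when a token names an unknown `kid`. The names `SigningKeyCache`, `select_key`, `fetch_jwks` and `make_token` are hypothetical, RS256 signing is an assumption, and signature verification with the returned key is left to a JWT library.

```python
import base64, json, time

def _segment(part):
    """Decode one base64url-encoded JWT segment into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

class SigningKeyCache:
    """Signing keys by `kid`, re-polled when a token names a key not yet seen."""
    def __init__(self, fetch_jwks, cooldown=60.0, clock=time.monotonic):
        self._fetch, self._cooldown, self._clock = fetch_jwks, cooldown, clock
        self._keys, self._last_fetch = {}, None

    def get(self, kid):
        stale = self._last_fetch is None or self._clock() - self._last_fetch >= self._cooldown
        if kid not in self._keys and stale:  # cooldown: bogus kids cannot force a fetch per request
            self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
            self._last_fetch = self._clock()
        return self._keys.get(kid)

def select_key(token, cache, issuer, audience, now=None):
    """Check header and claims, then return (jwk, claims) for signature verification.
    The claims stay untrusted until the caller verifies the signature with the jwk."""
    try:
        head, body, _sig = token.split(".")
        header, claims = _segment(head), _segment(body)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "RS256":         # assumption: the server signs with RS256
        raise ValueError("unexpected alg")
    if claims.get("iss") != issuer:          # must equal the configured Issuer
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")   # must contain the configured Audience
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= (now or time.time()):
        raise ValueError("expired")
    jwk = cache.get(header.get("kid"))       # key lookup last: bad claims never cause a fetch
    if jwk is None:
        raise ValueError("unknown signing key")
    return jwk, claims

def make_token(header, claims):
    """Constructed sample token; the signature segment is a placeholder."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"
```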