Configure embedded sign-in support
The interaction code grant type is a sign-in flow used by embedded applications to connect to Okta. The Embedded widget sign-in support setting controls this grant type for all OIDC app integrations and API access management servers.
By enabling this setting, you can allow or deny applications the ability to use embedded sign-in flows across your entire org. Instead of the interaction code grant type, Okta recommends using the OAuth 2.0 Authorization Code flow with PKCE. See OAuth 2.0 and OpenID Connect Overview.
You require super admin authority to enable or disable this setting.
Disabling this setting means:
You can't configure any new OIDC app integrations to use the interaction code grant type.
For any app integrations previously configured to use the interaction code grant type, Okta disables this grant type. The grant type is no longer available in the settings for OIDC app integrations. Users attempting to sign in to the app integration receive a message that the client isn’t authorized to use the provided grant type.
Access policy rules for authorization servers don't show the interaction code as an available grant type.
Attempting to make an API call using the interaction code returns an error message that the client isn’t authorized to use the provided grant type.
If you disable this setting for your org but decided to enable it later, Okta doesn't automatically re-enable the interaction grant type for any app integration or authorization server.
- In the Admin Console, go to Settings > Account.
- Scroll down to the Embedded widget sign-in support panel, and then click Edit.
- Select the Interaction code.
If selected, admins can use the interaction code as a grant type for their OIDC app integrations and authorization servers.
If not selected, Okta hides the interaction code as a grant type. Admins can't use the interaction code for any OIDC app integration or authorization server access policy rule in the org.
Okta shows an informational message about how many app integrations and authorization servers currently use the interaction code grant type. Confirm that any impacted app integrations or authorization servers have alternative grant types in place.
- Click Save to confirm the change or Cancel to leave the setting in the original state.