Configure settings for app integrations

You can configure settings for your app integration using the tabs on the app integration page.

About admin roles for this task

The administrator running this task must have at least one of the following roles:

  • Super admin for the Okta org
  • App admin for the Okta org

Read-only admins can see the settings for individual app integrations, but can't make any changes.

Before you begin

The admin must sign in to the Admin Console.

Start this task

To access the settings page:

  1. In the Admin Console, go to ApplicationsApplications.
  2. In the main panel, click the app integration you want to update. You can also enter the name in the Search bar.

Okta displays the settings page for the app integration, organized into several tabs. The tabs displayed depend on the type of app integration and which features are enabled for your org.

General

This tab shows the general app integration settings, which vary by app integration. These settings may include:

  • App Settings: Configure application-specific settings such as the application label and visibility. Some of these settings include:
    • Application label: This is the label that's displayed for the application on the End-User Dashboard.
    • Application visibility: Select Do not display application icon to users to hide the app from users. Select Do not display application icon in the Okta Mobile app to prevent the app from being used from Okta Mobile.
    • URL: The URL of the login page for a Bookmark App. Other types of apps may also include a similar field for an application-specific URL.
    • Request Integration: For an app integration that you created, select this to request that Okta review the app to add it to the Okta Integration Network (OIN). This property only applies to Bookmark App integrations. See Submit an app integration for more information on adding an app integration to the OIN.
    • Browser plugin auto-submit: Select Automatically log in when user lands on login page to automatically sign in users when they access an app login page.
    • Auto-launch: Applying this option only affects newly assigned users. Users who were already assigned to the app integration need to open the tile settings in their dashboard and select Auto-launch the app when user signs into Okta. When auto-launch is enabled here or by end users, signing in to Okta may cause more than one instance of the app to appear as an additional tab or window. This behavior is expected, and the user may safely close any unwanted tabs or windows.
    • Application notes for end users: A note about the app that end users can view on their dashboard.
    • Application notes for admins: A note about the app that admins can view on the General tab of the application's settings page.
  • VPN Notification: This feature alerts end users when a VPN connection is required to connect to the app integration. When end users click the app integration tile, Okta displays a notification before launching the app. You can customize this notification to remind users about VPN requirements. See Set up VPN notification.

    The VPN notification doesn't appear if the end user has enabled the Auto-launch option in the General settings of the app integration tile.

  • App Embed Link: Use this section to copy an embed link for the app integration, redirect users to a custom login page, or redirect users to a custom error page.
  • Email Verification Experience: This setting allows you to customize the end-user experience when using an email magic link as an authenticator. When end users click the one-time magic link to verify their identity on orgs that use an embedded sign-in widget, Okta validates the token and redirects their browser request to this URI location. You can set this URI value to send the end user to specific OIDC app integrations, the end-user dashboard for your org, or any custom website. If this URI is not present, Okta uses the redirect sign-in flow and sends the end user to the Okta End-User Dashboard.

Sign On

After adding the app integration, you can return to the Sign On tab to configure or change any of your sign-in settings. The available options vary by app integration. See Configure Single Sign-On options.

You can configure your Sign on methods and Credentials Details for the app integration. You can also configure the app's Sign On Policy. See Authentication policies.

Provisioning

If provisioning is enabled for the app integration, this tab allows you to automate the creation, updates, and deactivation activities for user accounts to and from the external application. See Provision apps.

Import

You can assign the app to users you import, either from an available list of users or from a CSV file. See Import users.

Assignments

Use the Assign button to assign people and groups to the new app. Use the left-side Filters panel to switch between People and Groups views.

To assign a specific app integration to individual users or groups:

  1. Click Assign.
  2. Choose either Assign to People or Assign to Groups. An Assign app_name to People or Assign app_name to Groups dialog lists the available end users or groups who aren't already assigned to the selected app integration.
  3. Click Assign next to each user or group for which you want this app assigned. When adding users for some apps, you may need to fill out the user details in the Attributes dialog.
  4. Assign more users or groups, or click Done.

Assigning individual users to app integrations is a time-consuming task, so a best practice is to assign the app integration using groups instead. See Assign a single app to groups.

You can also convert an individual app integration assignment to a group assignment. See Convert an individual assignment to a group assignment.

You can allow users to request and obtain an app through self service by enabling Requests under SELF SERVICE. You can only do this if your org has enabled self service to allow users to add org-managed app integrations. See Enable self-service access to apps.

Push Groups

Group push allows you to use your existing groups in Okta and push them to the external application. After a group has been pushed to the external application, Okta automatically sends any membership changes to the corresponding group in the external application. See Group Push.

Group push requires that you enable API authentication and provisioning for the app integration. See Group Push prerequisites.

Okta API Scopes

OpenID Connect clients can access Okta APIs on behalf of a user. Scopes control the client access to API endpoints and determine which operations the client can perform. Detailed information on each scope is available by hovering over the tool-tip icon next to the scope name.

Scopes that end in .self only allow a resource to read or manage itself. Other scopes allow access to all resources of a certain type. For example, the okta.users.manage.self scope allows the app to manage only the signed-in user's profile and credentials, while the okta.users.manage scope allows the app to create new users and to manage the profile and credential information for all users.

Okta authorizes consent for any scope that you grant consent to, provided that the client makes the request and the client user has the appropriate permission for the resource. A user's Okta administrator role determines their user permission level.

To enable consent for any scope, click Grant next to the name of the scope.

If you need to remove a previously granted scope, click Revoke next to the name of that scope.

Related topics

Add existing app integrations

Create custom app integrations

Configure Single Sign-On options