App intent links
App intent links are protocol-specific endpoints that initiate a sign-in flow to an app, supporting both IdP-initiated and SP-initiated flows. Their behavior changes after upgrading from Classic Engine to Identity Engine.
| Change summary |
Classic Engine: Unauthenticated traffic to an app was
redirected to Identity Engine: App intent links no longer forward to a centralized sign-in page. Each app intent link hosts its own sign-in widget experience directly, unless an IdP routing rule exists. Identity Engine evaluates the global session policy, app sign-in policy, and all other policies relevant to the sign-in experience. |
| Admin experience | No action is required. |
| User experience | Because each app intent link hosts its own sign-in experience, they share a common rate limit bucket, similar to the centralized sign-in page rate limit in Classic Engine. |
| Related topics | App intent links |
Custom sign-in page for embedded app links
| Change summary | Using a custom sign-in page for embedded app links is no longer supported in Identity Engine. Users who click an app embed link are evaluated against the org's Okta sign-on policy instead. |
| Admin experience |
Choose one of the following alternatives:
|
| Related topics | Custom sign-in page for embedded app links |