Custom app login

In Classic Engine, you can use the Application Login feature to redirect unauthenticated users to a custom login page when they try to access an app.

This feature doesn't work in Identity Engine. However, you can create a similar experience for users by customizing the sign-in page or setting an IdP routing rule for the app. See Identity Provider routing rules and Configure a custom Okta-hosted sign-in page.

User experience

You can upgrade without configuring one of these options. If you take no action, let your users know they authenticate entirely through the Okta sign-in page, rather than the custom URL.

  • Unauthenticated users aren't redirected to the customAppLogin URL. Instead, they're evaluated by the global session policy and authentication policy.
  • Users who click an app embed link are evaluated by their org’s global session policy. If they haven’t authenticated yet, they're redirected to the Okta-hosted sign-in page to do so.

Related topics

Create a global session policy

Add an authentication policy rule