I have a dev app that is working correctly for email/password login. I'm attempting to enable MFA. I added a rule to the app requiring MFA but now after I enter email/password I see this error in the browser console:
Refused to display 'https://dev-REDACTED.oktapreview.com/login/login.htm?fromURI=%2Foauth2%2Fv1%2…horize%2Fredirect%3Fokta_key%3DREDACTED' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
FYI my app is on the okta preview system, configured for OpenID Connect, and set as a SPA type web app.
Hi Peter, In order to have Okta pages show in iFrames like different apps and pages, you need to have "IFrame Embedding" enabled for your Okta Org. You can enable it by going to the Admin Panel > Settings > Customization and under IFrame Embedding section click on Edit and enable the checkbox there. Let us know if you have any questions.