Custom error screen with link to quickly assign application?
If a SP redirects a user to Okta for authentication, and the user doesn't have the SP's app assigned to their account, they get an error message similar to this:
Sorry, you can't access [Application Name] because you are not assigned this app in Okta. If you're wondering why this is happening, please contact your administrator. If it's any consolation, we can take you to your Okta home page.
How can I provide on this screen an easy way for the user to add the app to their account and then immediately continue the authentication process? Everyone hitting this page has permission to use the app via self service - they just don't have it added to their okta home page by default.
Sorry, you can't access [Application Name] because you are not assigned this app in Okta. Please [click here] to assign yourself to this application and continue logging in. If you need additional help, please contact your administrator.
There are a couple of approachs you could take to fix this issue.
First, you can always create a custom error page for the users. This is found under https://org.okta.com/admin/settings/customization then at the bottom there is a section called Application Access Error Page.
Secondly, you could create an Okta group and add all the users to it then assign the group to the app via the Admin console. Next hide the application (appX) from the users via the Application visibility on the General tab of the app. Then create a new Bookmark App(appY) and use the App Embed Link on the general tab of the appx.
Essentially you are assigning the app to everyone who needs it, hiding it from the users, and creating a Bookmark App(appY) that points to the Okta Embed URL of appX, and adding it to the self service area. The Bookmark app(appY) needs to have the same name and logo of appX.
The second option buys you the ability to let users decide if they want to add the app to the user home vs. forcing them to have it.