<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

Deployment Model - Default Okta Hosted SIW

Last Updated:

Administration

Telemetry confirmed this org uses the default Okta Hosted Sign-In Widget with no page-level customizations detected. The upgrade to Okta Identity Engine (OIE) can proceed. However, because the Okta Hosted Sign-In experience is managed by Okta, certain authentication flows — particularly CIAM-oriented ones such as Account Activation and Self-Service Registration — may behave differently after the upgrade. Review the flows below before scheduling the upgrade.

Applies To

  • Default Okta Hosted Sign-In Widget
  • Upgrade Eligibility: Eligible with Warning

Experience Impact

The Okta Hosted Sign-In Widget is upgraded automatically as part of the OIE migration. While no code changes are required, some authentication flows depend on Okta’s pipeline behavior, which changes with Identity Engine. CIAM organizations have a low tolerance for unexpected user experience changes, making it important to verify the following flows before upgrading production.

Known areas of potential impact:

  • Account Activation — If Okta Self-Service Registration is enabled, the activation email and enrollment flow should be tested end-to-end in a preview environment.
  • Custom Password Recovery — If a third-party or custom recovery flow is in use, end-to-end testing is recommended before upgrading.
  • Secondary Email — In OIE, secondary email is limited to Activation and Recovery flows. Confirm it is not relied on for other authentication contexts.

Before the Upgrade

No changes are required to the Sign-In Widget. Verify the Account Activation, Custom Password Recovery, and Secondary Email flows in an OIE preview environment before upgrading production.

  1. Account Activation flow — If Okta Self-Service Registration is enabled, confirm the activation email delivers correctly and the enrollment flow completes as expected in OIE.

  2. Custom Password Recovery — If a third-party recovery flow is in use, test the end-to-end recovery path and verify any custom redirects or email templates are functioning correctly.

  3. Secondary Email usage — Confirm that secondary email is not relied on outside of Activation and Recovery flows.

After the Upgrade

Parity: The upgrade delivers OIE Enhanced experiences by default for Okta Hosted flows. Review Email Templates (Activation and Recovery) for any needed updates.

Enhanced Experience (OIE Functionality):

  • Enhance with Sign-in Policies (Global Session and Authentication policies)
  • Enhance with Profile Enrollment Policies (replaces Classic Self-Service Registration)

Related References

Recommended content

Still looking for help?
Loading
Okta Support - Deployment Model - Default Okta Hosted SIW