This article explains the distinction between SP-initiated and IdP login behaviors in Okta Access Gateway (OAG) and provides guidance on configuring policies to redirect users to a desired post-login URL when deep linking is enabled.
Okta Access Gateway (OAG)
By design, an SP-initiated login lands on the protected web resource page when deep linking is enabled. An IdP login lands on the post-login URL because of the Default Relay State value in the Okta application settings.
OAG routes users to the resource they requested from the protected web URL. If users need to land on the post-login URL when deep linking is enabled, create a policy that calls the resource configured for redirection.
Below is an example that can be used for the policy configuration. It needs to be set up under Advanced configuration for application policies. Here, users are routed to the /myurl page, which can be configured with a post-login URL so that users land on it after login.
if ($request_uri = '/') {return 302 /myurl ; }
NOTE: /myurl must belong to a protected web application so that the authentication process is triggered.
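The following is an added example, not Okta's code: a small Python check that parses a policy line of the form shown above, flags redirect targets that leave the protected application or loop, and models which requests the policy redirects. It assumes nginx semantics for the policy, where `$request_uri` is the original request URI including any query string; the function names and the sample request URIs are constructed for illustration.

```python
import re

# Single-line policy form shown on this page, e.g.
#   if ($request_uri = '/') {return 302 /myurl ; }
POLICY_RE = re.compile(
    r"if\s*\(\s*\$request_uri\s*=\s*'(?P<match>[^']*)'\s*\)\s*"
    r"\{\s*return\s+(?P<code>30[1278])\s+(?P<target>\S+?)\s*;\s*\}"
)


def parse_policy(line):
    """Extract the matched URI, status code and redirect target."""
    m = POLICY_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError("unsupported policy form: " + line)
    return {"match": m["match"], "code": int(m["code"]), "target": m["target"]}


def lint(policy):
    """Flag redirect targets that would not behave as the NOTE requires."""
    findings = []
    target = policy["target"]
    # A path on the same protected application starts with exactly one '/'.
    # '//host/...' and 'scheme://host/...' send the browser to another origin.
    if not target.startswith("/") or target.startswith("//"):
        findings.append("target is not a path on the protected application")
    if target == policy["match"]:
        findings.append("target equals the matched URI: redirect loop")
    return findings


def evaluate(policy, request_uri):
    """Return (status, Location) if the policy fires, else None.

    Assumption: exact string comparison against the original request URI,
    query string included, as nginx defines $request_uri.
    """
    if request_uri == policy["match"]:
        return policy["code"], policy["target"]
    return None


PAGE_POLICY = "if ($request_uri = '/') {return 302 /myurl ; }"

if __name__ == "__main__":
    policy = parse_policy(PAGE_POLICY)
    print("lint:", lint(policy) or "ok")
    # Constructed request URIs, not taken from any real deployment.
    for uri in ["/", "/reports/7", "/?lang=en", "/myurl"]:
        print(f"{uri!r:15} -> {evaluate(policy, uri) or 'deep link kept'}")
```

Under this model only a request for exactly `/` is redirected; deep links such as `/reports/7`, and `/` followed by a query string, keep their original destination.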
