Per the below integration guide for LastPass configuration with Okta:
Under Step 9: Set Up Okta in LastPass, metadata from the Okta side must be used to integrate successfully. However, a Custom URL domain configured on the Okta side is not supported for use on LastPass.
- Okta Integration Network (OIN)
- LastPass
Step 9.9 in the aforementioned LastPass documentation asks for a metadata URL that includes /.well-known/openid-configuration.
When visiting [org].okta.com/.well-known/openid-configuration, a configuration featuring the organization's base URL is displayed.
However, if a Custom URL Domain has been configured, it might be necessary to provide LastPass with the metadata URL that includes the Custom URL Domain. Visiting [custom-URL].com/.well-known/openid-configuration will also display a configuration with the Custom URL Domain populated in the config details.
LastPass does not mention this in their guide, but Custom URL Domains are not supported in their integration.
To ensure a successful setup, use the below format for Step 9.9 in the LastPass guide:
[org].okta.com/oauth2/[hashed-value-generated-in-earlier-steps]/.well-known/openid-configuration.
Additionally, the steps will not work if [org]-admin.okta.com is used in any configuration, as this will reference any configured Custom URL Domain in the well-known configuration. "-admin" should never be used in any configurations or integrations.
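The rules above can be checked before the value is pasted into Step 9.9. This is an added example, not code from Okta or LastPass: the function name, the sample hosts and the sample value after /oauth2/ are constructed, and it assumes the org domain ends in .okta.com as in the format shown above.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample values (not from the page or from a real org).
GOOD_URL = "example.okta.com/oauth2/aus0000000EXAMPLE" + WELL_KNOWN
CUSTOM_URL = "login.example.com" + WELL_KNOWN
ADMIN_URL = "example-admin.okta.com/oauth2/aus0000000EXAMPLE" + WELL_KNOWN
# Constructed discovery document of the kind described above: the issuer
# carries the Custom URL Domain instead of the org base URL.
CUSTOM_DOC = '{"issuer": "https://login.example.com/oauth2/aus0000000EXAMPLE"}'


def check_metadata_url(url, discovery_json=None):
    """Return a list of problems; an empty list means the URL fits the format."""
    problems = []
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower()
    path = parts.path

    if not host.endswith(".okta.com"):
        problems.append("host is not [org].okta.com (Custom URL Domain?)")
    elif host.split(".")[0].endswith("-admin"):
        problems.append("host uses the -admin URL")

    # Expected path: /oauth2/[value]/.well-known/openid-configuration
    segs = path.split("/")
    if not path.endswith(WELL_KNOWN):
        problems.append("path does not end in " + WELL_KNOWN)
    elif not (len(segs) == 5 and segs[1] == "oauth2" and segs[2]):
        problems.append("path is missing /oauth2/[value] before " + WELL_KNOWN)

    # Optional: compare the issuer in a saved copy of the discovery document
    # with the host of the URL it was fetched from.
    if discovery_json is not None:
        issuer = json.loads(discovery_json).get("issuer", "")
        issuer_host = (urlsplit(issuer).hostname or "").lower()
        if issuer_host != host:
            problems.append(f"issuer host {issuer_host!r} differs from URL host {host!r}")
    return problems


if __name__ == "__main__":
    for u, doc in ((GOOD_URL, None), (CUSTOM_URL, None), (ADMIN_URL, CUSTOM_DOC)):
        print(u, "->", check_metadata_url(u, doc) or "OK")
```

Passing the JSON saved from the metadata URL as the second argument flags the case where the document's issuer points at a different host than the URL being entered.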
