Accessing an OIDC Application Bypasses the "Access Denied" Error Configured in Customizations
Okta Identity Engine
Administration
Overview

When a user tries to access an OpenID Connect (OIDC) app (including the Dashboard) and the Global Session Policy denies access, the Access Denied error message configured under Customizations > Other is displayed for only 2-3 seconds. The user is then redirected to the server error.

Applies To
  • Okta Identity Engine (OIE)
  • Customization 
  • OpenID Connect (OIDC)
  • Security Assertion Markup Language (SAML)
Cause

Because access is denied by the Global Session Policy, users are redirected to the server error instead of seeing the "Access Denied" error message on the Sign In Widget (SIW).

  • This behavior differs from SAML apps, which do not redirect the user and stay on the SIW. If a user accesses a SAML app and access is denied, the "Access Denied" error message is shown upfront.
Solution

Use a Custom Domain and configure the custom error message there. Configuring the error message under Customizations > Other does not help for OIDC apps.
