After upgrading to the Okta Identity Engine (OIE), Agentless Desktop Single Sign On (ADSSO) authentication will continue to work as expected when using the standard Org URL (https://subdomain.okta.com). However, if a custom login URL is in use and ADSSO fails, the user may experience a login loop, which will persist until the user stops the browser from loading. This article discusses the root cause and solution for the issue.

• Directories
• Agentless Desktop Single Sign On (ADSSO)
• Custom login URL
• Okta Identity Engine (OIE)

The OIE Upgrade created a self-referencing redirect for the custom login URL. As a result, if ADSSO fails, the redirect goes back to the custom login URL, and the user experiences a login loop.

To resolve this issue, create a custom error URL with a Help link, guiding the user to the default login page for the custom URL.

1. Navigate to Admin > Customizations > Other.
2. Find the section for the Access denied error message, usually found on the right side, and click Edit.
3. Set a custom error message along with a Help link text and URL. The default login for any Okta Org, whether using the standard Org URL or a custom URL, will be <site>/login/default. 

4. When finished, click Save.