This article describes how to enable Federation Broker Mode when creating a new application with the /Apps endpoint.
- Applications API
- Custom OpenID Connect (OIDC)
- Custom Security Assertion Markup Language (SAML)
Federation Broker Mode is controlled by the implicitAssignment property in the application's settings.
When creating an application using the /api/v1/apps endpoint, setting implicitAssignment to true in the application's settings will enable Federation Broker Mode.
For example, to create a custom OpenID Connect Single Page Application with Federation Broker Mode turned on, the request body will look like the one below:
{
  "name": "oidc_client",
  "label": "Sample Client - FBM",
  "signOnMode": "OPENID_CONNECT",
  "credentials": {
    "oauthClient": {
      "token_endpoint_auth_method": "none"
    }
  },
  "settings": {
    "implicitAssignment": true,
    "oauthClient": {
      "client_uri": "http://localhost:8080",
      "logo_uri": "http://developer.okta.com/assets/images/logo-new.png",
      "redirect_uris": [
        "https://example.com/oauth2/callback",
        "myapp://callback"
      ],
      "response_types": [
        "token",
        "id_token",
        "code"
      ],
      "grant_types": [
        "implicit",
        "authorization_code"
      ],
      "application_type": "browser"
    }
  }
}
Confirm this by looking at the Applications > Assignments tab for the newly created application within the Admin Console.
Federation Broker Mode can also be enabled on Custom SAML Applications by ensuring the same attribute implicitAssignment is set to true.
{
  "name": "SAML_Application",
  "label": "CUSTOM SAML TEST",
  "signOnMode": "SAML_2_0",
  "credentials": {
    "userNameTemplate": {
      "template": "${source.login}",
      "type": "BUILT_IN"
    }
  },
  "settings": {
    "implicitAssignment": true,
Confirm this by navigating to Applications > find New Custom SAML Application > General tab > Federation Broker Mode in the Admin Console.
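The Admin Console checks above cover one application at a time. As an added example (not part of the original article and not Okta's own code), the following read-only check lists every application whose settings.implicitAssignment is true. It assumes SSWS API-token authentication and that GET /api/v1/apps returns the settings object in the same shape as the request bodies above; the function names and the sample app objects are constructed for illustration.

```python
import json
import re
import urllib.request

# Constructed sample of app objects, trimmed to the fields this check reads.
SAMPLE_APPS = [
    {"id": "0oa-constructed-1", "label": "Sample Client - FBM",
     "signOnMode": "OPENID_CONNECT", "settings": {"implicitAssignment": True}},
    {"id": "0oa-constructed-2", "label": "CUSTOM SAML TEST",
     "signOnMode": "SAML_2_0", "settings": {"implicitAssignment": False}},
    {"id": "0oa-constructed-3", "label": "Legacy bookmark",
     "signOnMode": "BOOKMARK", "settings": {}},
    {"id": "0oa-constructed-4", "label": "No settings returned",
     "signOnMode": "SAML_2_0"},
]

def fbm_enabled(app):
    """True only when settings.implicitAssignment is the JSON boolean true."""
    return (app.get("settings") or {}).get("implicitAssignment") is True

def audit(apps):
    """Return (label, signOnMode, id) for each app with Federation Broker Mode on."""
    return [(a.get("label"), a.get("signOnMode"), a.get("id"))
            for a in apps if fbm_enabled(a)]

def fetch_apps(org_url, api_token):
    """Page through GET /api/v1/apps by following the Link rel="next" header."""
    url, apps = f"{org_url.rstrip('/')}/api/v1/apps", []
    while url:
        req = urllib.request.Request(url, headers={
            "Authorization": f"SSWS {api_token}",
            "Accept": "application/json"})
        with urllib.request.urlopen(req) as resp:
            apps.extend(json.load(resp))
            links = ", ".join(resp.headers.get_all("Link") or [])
        nxt = re.search(r'<([^>]+)>;\s*rel="next"', links)
        url = nxt.group(1) if nxt else None
    return apps

if __name__ == "__main__":
    # Runs offline against the constructed sample; swap in fetch_apps() for a real org.
    for label, mode, app_id in audit(SAMPLE_APPS):
        print(f"Federation Broker Mode ON: {label} ({mode}) id={app_id}")
```

To run it against a real org, pass the result of fetch_apps(org_url, api_token) to audit() using a read-only admin token.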