This article explains why the custom domain metadata URI endpoints list the Okta domain instead of the custom domain, even though the issuer is shown as the custom domain.
- Metadata URI
- Server discover endpoints
- Custom domain
- Okta domain
- Issuer
The Metadata URI endpoint depends on which authorization server is in use:
- https://${OktaOrgName}/.well-known/openid-configuration if the Org Authorization Server is being used.
- https://${OktaOrgName}/api/v1/authorizationServers/default/.well-known/openid-configuration if the Default Custom Authorization Server is being used.
- https://${OktaOrgName}/oauth2/${authorizationServerId}/.well-known/openid-configuration if another Custom Authorization Server is being used.
The custom domain Metadata URI endpoint can show the issuer as the custom domain while the rest of the endpoints still point to the Okta domain. This happens because the issuer is configured as a fixed (hardcoded) value rather than being derived from the domain on which the request arrived. Switching the issuer to Dynamic makes Okta build all endpoints from the requested domain:
- If the Org Authorization Server is being used, change the Issuer in Applications > Applications > Sign On > OpenID Connect ID Token to Dynamic.
- If a Custom Authorization Server is being used, change the Issuer in Security > API > Settings to Dynamic.
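The quickest way to confirm the symptom before the change, and to verify the fix after it, is to read the discovery document and compare the host of every advertised endpoint with the host of the issuer. The script below is an added example written for this article; it is not Okta's code. The endpoint key list, the placeholder hostnames (`login.example.com` for the custom domain, `example.okta.com` for the Okta domain) and the two embedded discovery documents are constructed for illustration, and the live fetch at the bottom is optional.

```python
import json
import sys
from urllib.parse import urlparse
from urllib.request import urlopen

# Keys of an OpenID Connect discovery document whose values are absolute URLs.
# Constructed list: it covers the entries a client normally relies on; any key
# missing from a given document is simply skipped.
URL_KEYS = (
    "issuer",
    "authorization_endpoint",
    "token_endpoint",
    "userinfo_endpoint",
    "registration_endpoint",
    "jwks_uri",
    "introspection_endpoint",
    "revocation_endpoint",
    "end_session_endpoint",
)


def endpoint_hosts(doc):
    """Return {key: hostname} for every URL-valued key present in the document."""
    return {k: urlparse(doc[k]).hostname for k in URL_KEYS if k in doc}


def find_domain_mismatches(doc):
    """Return the endpoint keys whose host differs from the issuer's host.

    An empty list means every endpoint lives on the same domain as the issuer,
    which is what a client configured with the custom domain expects. A
    non-empty list is the exact symptom the article describes: the issuer
    names the custom domain but the endpoints still name the Okta domain.
    """
    hosts = endpoint_hosts(doc)
    issuer_host = hosts.get("issuer")
    if issuer_host is None:
        raise ValueError("discovery document has no issuer")
    return [k for k, h in hosts.items() if k != "issuer" and h != issuer_host]


# Constructed sample: issuer set to the custom domain, endpoints on the Okta domain.
MISCONFIGURED_DOC = json.loads("""{
  "issuer": "https://login.example.com",
  "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
  "token_endpoint": "https://example.okta.com/oauth2/v1/token",
  "userinfo_endpoint": "https://example.okta.com/oauth2/v1/userinfo",
  "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
  "introspection_endpoint": "https://example.okta.com/oauth2/v1/introspect",
  "revocation_endpoint": "https://example.okta.com/oauth2/v1/revoke"
}""")

# Constructed sample: the same document once the issuer is Dynamic, so every
# endpoint is built from the domain the request was made to.
CONSISTENT_DOC = json.loads("""{
  "issuer": "https://login.example.com",
  "authorization_endpoint": "https://login.example.com/oauth2/v1/authorize",
  "token_endpoint": "https://login.example.com/oauth2/v1/token",
  "userinfo_endpoint": "https://login.example.com/oauth2/v1/userinfo",
  "jwks_uri": "https://login.example.com/oauth2/v1/keys",
  "introspection_endpoint": "https://login.example.com/oauth2/v1/introspect",
  "revocation_endpoint": "https://login.example.com/oauth2/v1/revoke"
}""")


def fetch_discovery(metadata_uri):
    """Fetch a live discovery document (assumes the URI is one of the three above)."""
    with urlopen(metadata_uri, timeout=10) as resp:
        return json.load(resp)


def report(name, doc):
    mismatches = find_domain_mismatches(doc)
    if mismatches:
        print(f"{name}: issuer host {endpoint_hosts(doc)['issuer']} but these "
              f"endpoints use another host: {', '.join(mismatches)}")
    else:
        print(f"{name}: all endpoints match the issuer host")
    return mismatches


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_discovery.py https://<custom-domain>/.well-known/openid-configuration
        report(sys.argv[1], fetch_discovery(sys.argv[1]))
    else:
        report("misconfigured sample", MISCONFIGURED_DOC)
        report("consistent sample", CONSISTENT_DOC)
```

Run it with no arguments to see both constructed samples evaluated, or pass the custom-domain metadata URI to check a live org; after the Issuer is switched to Dynamic, the mismatch list for the custom domain should be empty.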
