Rebranding, mergers, or other initiatives may require an Okta subdomain to be renamed (for example, from <subdomain1>.okta.com to <subdomain2>.okta.com). This article provides a checklist of items to update after the subdomain rename is complete.

• Okta Subdomain
• Administration
• Okta Classic Engine
• Okta Identity Engine (OIE)

Please contact Okta Support to change the Okta subdomain. Support will first check the availability of the new subdomain and then coordinate the timing for the rename operation. Once the Okta subdomain has been renamed, the following tasks must be completed to ensure proper functionality. Proper planning of the Okta subdomain renaming effort should help to minimize service disruptions.

• AD Agents: If the organization has integrated Okta with Active Directory, each AD agent for each domain must be uninstalled/reinstalled using the new Okta subdomain.

  • Refer to the Installing and Configuring the Active Directory Agent guide for detailed instructions for uninstalling/reinstalling the AD agent(s).

• LDAP Agents: If the organization has integrated Okta with an LDAP Directory, each LDAP agent must be uninstalled/reinstalled using the new Okta subdomain.

  • Refer to Install the Okta LDAP Agent for detailed instructions.

• Classic Desktop SSO: If the organization has configured Okta for Desktop Single Sign-On, each IWA server must be uninstalled/reinstalled using the new Okta subdomain.

  • Refer to the Configuring Desktop SSO guide for detailed instructions on installing the IWA server.

• Agentless Desktop SSO: If the organization is on OIE and configured for Agentless Desktop SSO, the Service Principal Name (SPN) Record must be recreated with the new custom domain.
  
  • Follow the instructions in Create a service account and configure a Service Principal Name to configure a new SPN Record.
  • Update browser settings to trust the new SPN URI
    • Configure browsers for Windows agentless Desktop Single Sign-on.
    • Configure browsers for Mac agentless Desktop Single Sign-on.

• RADIUS Agent: If the organization has configured Okta with RADIUS, each Okta RADIUS agent must be uninstalled/reinstalled using the new Okta subdomain.

  • Refer to Install and configure the RADIUS Agent guide for detailed instructions on uninstalling/reinstalling the Okta RADIUS agent.

• RSA SecurID Agent: If the organization has configured Okta with RSA SecurID, each RSA SecurID agent must be uninstalled/reinstalled using the new Okta subdomain.

  • Refer to Install and configure the RADIUS Agent guide for detailed instructions on uninstalling/reinstalling the Okta RSA SecurID agent.

• API: If the organization is using any Okta API tokens for REST API calls, the tokens do not need to be regenerated; however, special care must be taken to update any custom code to ensure the API endpoints reference the new Okta subdomain.

• SSO Applications: If the organization has configured any SAML or WS-Fed integrated applications, review the SAML or WS-Fed Sign-On setup instructions for each application. Update each SAML or WS-Fed Service Provider integration with the corrected Okta subdomain to avoid disruptions in SSO logins.

• Okta Verify: If the organization uses Okta Verify as an MFA option, all Okta Verify with Push Authentication enrollments must be reset.

  • Refer to "Using Okta Verify" for instructions on resetting the end-user's MFA.

• Custom Domain: If the organization has a custom domain configured, the CNAME value of the DNS records may need to be updated to match the new default subdomain.

• Identity Provider: The Identity Provider's information must be updated with the new domain name.

NOTE:

• Changes to subdomain names will not automatically be reflected in the default Okta subdomain's brand name. After the subdomain is changed, an Administrator must manually update the brand name via the Okta Admin Dashboard.
  To update the brand name in Okta, log in to the Okta Admin Console, navigate to Customizations > Brands, select the brand to modify, then edit the Brand Name field on the settings page, and save the changes when done.
• When using Okta Workflows, the tenant name displayed in the top-right corner of the Workflows console does not update after a subdomain change. This display remains set to the original domain name from the time of initial activation. This behavior does not affect the functionality or execution of workflows, and there is no method to modify this specific UI display.