Due to changes in how third-party cookies are handled within browsers, it is important to ensure that embedded Okta Sign-In Widgets are configured properly. This article shows how to determine where an embedded Okta Sign-In Widget is potentially hosted.
- Embedded Okta Sign-In Widget
When using an embedded Okta Sign-In Widget, the domain hosting the widget must be set up as a Trusted Origin for CORS. To confirm where an embedded widget is being hosted, go to Security > API and click the Trusted Origins tab. On the next page, click CORS under the Filters section.
This will list all domains where an embedded widget is potentially hosted. It does not indicate the specific path where the widget is hosted; it only includes the domain.
NOTE: The CORS type on the Trusted Origin is required for the domain to use the embedded widget. However, it is possible that the domain does not use an embedded widget; it may just be required when making rest API calls to Okta in the background.
