This article explains how to add the prompt=select_account parameter to the /authorize request when using a Google OIDC IdP registered in Okta. This configuration allows users to choose which Google account to use during authentication.
- Generic OIDC Identity Provider (IdP)
- In the Okta Dashboard, navigate to the Security > Identity Providers section.
- Choose Add identity provider and select the Generic OIDC IdP type instead of the preconfigured Google IdP type.
- When configuring the Google OIDC IdP, it is necessary to enter various endpoints, including the authorization endpoint. Refer to Google's Discovery document for this information.
- For the authorization endpoint, append ?prompt=select_account to the end of the URL.
Limitations:
- For generic OIDC IdPs, it is possible to pass additional static authorization query parameters as shown above.
- Dynamic parameter addition based on the authorize request made to Okta is not supported.
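The steps and the static-parameter limitation above can be checked before pasting the value into the IdP configuration. The following is an added example, not Okta's or Google's code: it reads the authorization endpoint from a discovery document and appends static parameters without producing a malformed or duplicated query string. The function name, the embedded discovery excerpt and the PER_REQUEST list are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed excerpt in the shape of an OIDC discovery document (not fetched live).
DISCOVERY_SAMPLE = json.dumps({
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
})

# Assumption: these are generated per request by the relying party (Okta here),
# so pinning them as static values would break or weaken the flow.
PER_REQUEST = {"client_id", "redirect_uri", "response_type", "scope",
               "state", "nonce", "code_challenge", "code_challenge_method"}


def static_authorize_url(discovery_json, static_params):
    """Return the authorization endpoint with static query parameters appended."""
    endpoint = json.loads(discovery_json)["authorization_endpoint"]
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("authorization endpoint must be an absolute https URL")
    if parts.fragment:
        raise ValueError("authorization endpoint must not carry a fragment")
    clash = PER_REQUEST & set(static_params)
    if clash:
        raise ValueError(f"per-request parameters cannot be static: {sorted(clash)}")
    # Keep query parameters already on the endpoint, except ones being overridden,
    # so the result never contains the same key twice.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in static_params]
    query = urlencode(kept + list(static_params.items()))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


if __name__ == "__main__":
    print(static_authorize_url(DISCOVERY_SAMPLE, {"prompt": "select_account"}))
```

For a live configuration, pass the JSON retrieved from the IdP's discovery document instead of the constructed sample.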
Related References
- See OAuth 2.0 for Web Server Applications for more information on the prompt parameter and other parameters Google's authorization server supports.
