Use of the Issuer Located Under the Okta OpenID Connect ID Token App Settings
Mar 16, 2026
Okta Classic Engine
All Engines
Okta Identity Engine
API Access Management
Overview
This article clarifies the purpose of the Issuer setting within the OpenID Connect (OIDC) ID Token application configuration.
Applies To
- OpenID Connect (OIDC)
- OAuth 2.0
- API access management
- Issuer
- Org authorization server
- Custom URL
- Okta URL
- Okta Classic Engine
- Okta Identity Engine (OIE)
Solution
The Issuer setting defines the base URL used in OIDC endpoints when authenticating against the Okta Org Authorization Server.
Configuration Options
- Okta URL: By default, the Issuer uses the standard Okta domain (for example,
https://<org>.okta.com). - Custom URL: If a custom domain is configured for the organization, the option to set the Issuer to Custom URL (for example,
https://auth.<org>.com) becomes available. When selected, the base URL for each metadata Uniform Resource Identifier (URI) for that specific OIDC client points to the custom domain.
Review Metadata
Use the following endpoints to review the metadata tied to the Okta Org Authorization Server for a specific OIDC client:
- OpenID Configuration:
https://<org>.okta.com/.well-known/openid-configuration?client_id=<client_id> - OAuth Authorization Server:
https://<org>.okta.com/.well-known/oauth-authorization-server?client_id=<client_id>
NOTE: Updating the Issuer setting to Custom URL under the Sign On tab of the OIDC application does not affect the Default Custom Authorization Server or any additional Custom Authorization Servers in the organization. If there are multiple custom domains, please check the Okta Custom URL Issuer Mode Options for Custom Authorization Servers documentation for more details.
