<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5WR00001kI7Mg0AKOkta Classic EngineIntegrationsAnswered2026-06-11T14:28:19.000Z2026-06-08T17:35:48.000Z2026-06-11T14:28:19.000Z

JustinD.98448 (Cathay Bank) asked a question.

June 8, 2026 at 5:35 PM
PKCE Enabled setting not visible in Preview for Salesforce

According to the KB and announcements Okta has been sending regarding the mandatory Salesforce requirement for PKCE-enabled provisioning, this updated integration is available in preview effective June 5th, and in production effective June 11th:

https://support.okta.com/help/s/article/update-salesforce-provisioning-applications-to-support-pkce?language=en_US

 

 

 

However in our preview right now, there is no such setting available yet. We have an application using the Salesforce integration with OAuth provisioning enabled, and there is supposed to be a new checkbox labeled "PKCE Enabled". Doesn't seem to be there yet. Anyone else able to see it?

 

With Salesforce's enforcement date of 6/25, we really need to ensure this will not impact business.

  • 1 answer
  • 35 views

  • Paul S. (Okta, Inc.)

    Hello @JustinD.98448 (Cathay Bank)​ Thank you for posting on our Community page!

     

    In order to see this option available on the Okta application, this requires action on both Salesforce and Okta environments.

    Step 1: Update the Connected App in Salesforce

    1. Log in to your Salesforce environment as a System Administrator.
    2. Navigate to Setup (the gear icon in the top right).
    3. In the Quick Find box, type App Manager and select it.
    4. Locate the Connected App you created for Okta provisioning. Click the drop-down arrow next to it and select Edit.
    5. Under the API (Enable OAuth Settings) section, locate and check the box for Require Proof Key for Code Exchange (PKCE) Extension.
    6. Click Save.

     

    Step 2: Re-authenticate the Integration in Okta

    1. In the Okta Admin Console, go to Applications > Applications.
    2. Select your Salesforce application.
    3. Click the Provisioning tab, and then select Integration from the left-hand Settings menu.
    4. Click Edit.
    5. Select the PKCE Enabled checkbox. 
    6. Click the Re-authenticate with Salesforce.com button.
    7. A new Salesforce window will open. Enter your Salesforce System Administrator credentials and click Allow to provide consent for the new PKCE-compliant OAuth flow.
    8. Return to the Okta Admin Console and click Save.

     

    Please also review our documentation below as well:

    https://support.okta.com/help/s/article/update-salesforce-provisioning-applications-to-support-pkce?language=en_US

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • Paul S. (Okta, Inc.)

    Hello @JustinD.98448 (Cathay Bank)​ Thank you for posting on our Community page!

     

    In order to see this option available on the Okta application, this requires action on both Salesforce and Okta environments.

    Step 1: Update the Connected App in Salesforce

    1. Log in to your Salesforce environment as a System Administrator.
    2. Navigate to Setup (the gear icon in the top right).
    3. In the Quick Find box, type App Manager and select it.
    4. Locate the Connected App you created for Okta provisioning. Click the drop-down arrow next to it and select Edit.
    5. Under the API (Enable OAuth Settings) section, locate and check the box for Require Proof Key for Code Exchange (PKCE) Extension.
    6. Click Save.

     

    Step 2: Re-authenticate the Integration in Okta

    1. In the Okta Admin Console, go to Applications > Applications.
    2. Select your Salesforce application.
    3. Click the Provisioning tab, and then select Integration from the left-hand Settings menu.
    4. Click Edit.
    5. Select the PKCE Enabled checkbox. 
    6. Click the Re-authenticate with Salesforce.com button.
    7. A new Salesforce window will open. Enter your Salesforce System Administrator credentials and click Allow to provide consent for the new PKCE-compliant OAuth flow.
    8. Return to the Okta Admin Console and click Save.

     

    Please also review our documentation below as well:

    https://support.okta.com/help/s/article/update-salesforce-provisioning-applications-to-support-pkce?language=en_US

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

Loading
PKCE Enabled setting not visible in Preview for Salesforce