Okta: the Custom domain and TLS configuration

By | 10/04/2019

You can configure Okta to use your own domain.

One thing worth mentioning here is that Okta’s official plugin doesn’t work with the Custom domain feature, so you’ll have to use Okta’s URL for plugin authentication; see the documentation for details.

Custom domain configuration

Go to Settings > Customization:

Scroll down and find the Custom URL Domain:

Click Get Started and specify the domain you’d like to use, in this case okta.example.com:

Okta will display the DNS record to be added:

Our domains are served by AWS Route53, so go there and add the TXT record:

Click the Next button in Okta.


Now we need to obtain an SSL certificate for our domain.

Create a CSR, for example on the https://csrgenerator.com site.

In the Common Name field, set the domain to be used in Okta:

Save the result: the CSR itself and the private key.
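An added example, not part of the original post: a private key produced by a web form is known to that site, so the same CSR and key can instead be created locally with OpenSSL and checked to belong together before anything is sent to the issuer. The function names, the output file names and the RSA 2048 key size are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: create the private key and CSR locally with OpenSSL.
# Function names, file names and the RSA 2048 key size are assumptions.

# make_csr DOMAIN OUTDIR: writes OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.csr
make_csr() (
    umask 077                        # new key file is readable by the owner only
    mkdir -p "$2" || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$2/$1.key" -out "$2/$1.csr" \
        -subj "/CN=$1" 2>/dev/null   # Common Name = the domain used in Okta
)

# pub_hash key|csr|cert FILE: prints the SHA-256 of the public key held in FILE
pub_hash() {
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1        # unreadable file must never compare equal
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_key TYPE_A FILE_A TYPE_B FILE_B: true when both hold the same public key
same_key() {
    a=$(pub_hash "$1" "$2") || return 1
    b=$(pub_hash "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# Usage: sh make_csr.sh okta.example.com ./tls
if [ $# -ge 1 ]; then
    out=${2:-.}
    make_csr "$1" "$out" &&
    same_key key "$out/$1.key" csr "$out/$1.csr" &&
    echo "CSR and key match: $out/$1.csr"
fi
```

Once the issuer returns the certificate, `same_key key FILE.key cert FILE.crt` confirms it matches the key before both are pasted into Okta.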

Go to your SSL certificate issuer (101domains in our case), buy a new certificate and provide the CSR created above:

Validate the domain. Again, this depends on the certificate issuer; in our case, DNS validation will be used:

Get the record to be added:

Add a CNAME record in Route53:


TLS in Okta

Now go to Okta and configure your TLS details.

Here we need to set the Private key and the Certificate.

The private key can be found in the data we got from https://csrgenerator.com:

cat okta.example.com.csr

The certificate itself can be obtained from its issuer:

Specify both the Private key and the Certificate in Okta:


The last thing: add a DNS record for your new domain okta.example.com and point it to Okta’s URL via a CNAME record:

Go to Route53 and add the record:

Wait for the DNS propagation and check:

From now on, Okta will use the new Custom domain for all your services.

Still, remember that you have to use the default domain for the plugin authentication.