Hi,
Our web application is hosted on something.ourdomain.com (1), and as part of sign-in we are using the Okta Sign-In Widget. The sign-in process redirects to something.okta.com (2); after that, the authentication process redirects to URL 1.
In our Okta configuration, I see a brand which has a subdomain, URL 2, which is configured for the application that I’m talking about. Is the use of a subdomain in our Okta configuration considered to be a third party to our application? Please suggest how we can mitigate this issue.
Thank you for reaching out. My name is Akash from Okta support.
With regard to your query, I would like to say that since your web application domain and the Okta domain do not match and it is not configured as a custom domain in Okta, it will be considered third party.
Please note that when a user has a cookie from *.okta.com in their browser, that cookie will count as first-party when accessed by the *.okta.com website, and it will count as third-party when accessed from a website on any other domain.
So, you may need to configure the custom domain in Okta to make your application domain first-party. This documentation will guide you through that process - Customize domain and email address | Okta Developer