Custom ToTP when using brand with cname

Hi,
I use a brand with cname + I edited the template.
My default app (with Okta’s subdomain) has my custom ToTP authenticator when trying to log in, but on my brand with the cname it has no custom authenticator, just a password.
Wondering if I need to add some config to my template in order to display that option.



When using Okta with a custom brand and a CNAME (Canonical Name), you may encounter issues with the appearance of custom authentication options in the sign-in widget. Here are some steps to consider to ensure your custom authenticator options are displayed correctly on your branded Okta login page:

  1. Check Branding Configuration:
  • Verify that your custom brand configuration is correctly set up in your Okta admin console. Ensure that you have associated your custom sign-in page template with the brand.
  2. Template Configuration:
  • In your custom sign-in page template, confirm that it includes the necessary HTML and JavaScript to display custom authenticator options. You should customize the template to include UI elements for your authenticator, which could be TOTP (Time-based One-Time Password), custom MFA (Multi-Factor Authentication), or any other authentication method.
  3. Verify the Sign-In Widget Configuration:
  • Use OktaUtil.getSignInWidgetConfig() to retrieve the sign-in widget configuration. Check that the configuration specifies the custom authenticator method you want to display. Ensure that the authParams or authParams.display is set to include your authenticator as an available factor.
  4. Brand Configuration and Theme:
  • The custom brand settings should also include the theme settings for your login page, which can affect the visual appearance of the sign-in widget. Ensure that your custom theme is correctly applied.
  5. Check for Errors:
  • Inspect your browser’s developer console for any JavaScript errors or network requests that might help diagnose the issue. It could reveal issues with loading the necessary resources or data for your custom authenticator.
  6. Browser Caching:
  • Sometimes, browser caching can cause issues with the display of updated pages. Try clearing your browser cache to ensure you’re loading the latest configuration.

If you’ve verified the above steps and are still experiencing issues with the custom authenticator not appearing correctly in the sign-in widget for your branded CNAME domain, it’s recommended to review your template and brand configurations in the Okta admin console
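
An added example, not part of the original reply and not Okta's own code: one way to carry out the configuration check in step 3 is to capture the output of OktaUtil.getSignInWidgetConfig() on both the Okta-subdomain sign-in page and the custom-domain page, then diff the two with token-like values redacted so the result can be shared safely. The function names, the `exampleFlag` key and both sample objects are constructed for illustration and say nothing about what the real difference is.

```javascript
// Leaf keys whose values must not be pasted into a ticket or forum post.
const SENSITIVE = /token|nonce|secret/i;

// Flatten a nested config into { "a.b.c": "<json value>" }, redacting secrets.
function flatten(value, prefix = '', out = {}) {
  if (value !== null && typeof value === 'object') {
    const keys = Object.keys(value);
    if (keys.length === 0) out[prefix] = Array.isArray(value) ? '[]' : '{}';
    for (const k of keys) flatten(value[k], prefix ? `${prefix}.${k}` : k, out);
  } else {
    const leaf = prefix.split('.').pop();
    out[prefix] = SENSITIVE.test(leaf)
      ? '<redacted>'
      : JSON.stringify(value) ?? String(value);
  }
  return out;
}

// Return every path whose value differs between the two captured configs.
function diffWidgetConfigs(working, broken) {
  const a = flatten(working);
  const b = flatten(broken);
  const paths = [...new Set([...Object.keys(a), ...Object.keys(b)])].sort();
  return paths
    .filter((p) => a[p] !== b[p])
    .map((p) => ({ path: p, working: a[p] ?? '<absent>', broken: b[p] ?? '<absent>' }));
}

// Constructed sample captures (hypothetical values, not real Okta output).
const orgDomainConfig = {
  baseUrl: 'https://example.okta.com',
  brandName: 'Example',
  stateToken: 'constructed-token-A',
  features: { router: true },
};
const customDomainConfig = {
  baseUrl: 'https://login.example.com',
  brandName: 'Example',
  stateToken: 'constructed-token-B',
  features: { router: true, exampleFlag: false }, // exampleFlag is hypothetical
};

console.table(diffWidgetConfigs(orgDomainConfig, customDomainConfig));
```

Per-session token values always differ between captures, so redacting them before comparison also keeps them out of the diff as noise.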

Regarding steps 2 and 3 - my authentication policy clearly specifies my custom OTP authenticator as a possible single factor of authentication. My expectation was that the sign in widget will get this config from the server by default and render the UI accordingly, just like it does in default apps (such as the Okta Dashboard which works great with the same authentication policy).
If the widget configuration doesn’t include the relevant authParams then could you please point me to the relevant documentation that explains how to add it myself?
I just don’t understand why I am expected to interfere with the Okta UI and add some of the login options myself if they are already configured by my authentication policy.

Oh, those are great questions, my friend.