OIDC discovery document for oktapreview.com

Hi,
I work for a SaaS vendor which supports Okta as an identity provider.

When setting up a new identity provider, we supply a well-known metadata URI. For Okta this is typically of the form https://XXX.okta.com/oauth2/default/.well-known/openid-configuration

However, for a new customer I’m trying to subscribe now, that returns a 404. I can find a metadata document for them at https://XXX.oktapreview.com/.well-known/openid-configuration. Unfortunately this isn’t working as yet. A couple of questions:

  1. What is the significance of the domain oktapreview.com versus okta.com?
  2. Is there a significance to the different path .well-known/openid-configuration versus oauth2/default/.well-known/openid-configuration? IIRC the default in the path was the name of a specific resource in Okta. Is this required?

It sounds like the org in question is missing the API Access Management (API AM) feature/SKU. The oauth2/default/.well-known/openid-configuration refers to the “default” custom authorization server whereas .well-known/openid-configuration refers to the “org” authorization server. You can read a bit more about this here: Authorization Servers | Okta Developer

Do you have an Okta AE you can reach out to to help get this enabled for you?

2 Likes
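
An added example, not part of the thread or Okta's own code: a relying-party-side check that probes both discovery paths named above and confirms each returned `issuer` matches the URL it was fetched from, as OIDC Discovery requires. The issuer values (`https://<domain>` for the org server, `https://<domain>/oauth2/default` for the default custom server) and the `example.oktapreview.com` domain are assumptions; the `fetch` parameter is a hypothetical hook so the check can run against constructed responses.

```python
import json
import urllib.error
import urllib.request

ORG_PATH = "/.well-known/openid-configuration"
DEFAULT_AS_PATH = "/oauth2/default/.well-known/openid-configuration"


def candidates(okta_domain):
    """Return (label, discovery URL, expected issuer) for both server types."""
    base = "https://" + okta_domain
    return [
        ("default custom authorization server",
         base + DEFAULT_AS_PATH, base + "/oauth2/default"),
        ("org authorization server", base + ORG_PATH, base),
    ]


def http_get_json(url):
    """Fetch a URL; return parsed JSON, or None on an HTTP error such as 404."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError:
        return None


def probe(okta_domain, fetch=http_get_json):
    """Report which discovery documents exist and whether each issuer matches."""
    results = []
    for label, url, expected_issuer in candidates(okta_domain):
        doc = fetch(url)
        if doc is None:
            results.append((label, "missing", None))
        elif doc.get("issuer") != expected_issuer:
            # A mismatched issuer means tokens would fail validation later,
            # or the metadata is not for the server you think it is.
            results.append((label, "issuer-mismatch", doc.get("issuer")))
        else:
            results.append((label, "ok", doc["issuer"]))
    return results


if __name__ == "__main__":
    # Constructed responses for an org without API Access Management:
    # the default custom server returns 404, the org server answers.
    fake = {"https://example.oktapreview.com" + ORG_PATH:
            {"issuer": "https://example.oktapreview.com"}}
    for row in probe("example.oktapreview.com", fetch=fake.get):
        print(row)
```
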

Many thanks Ty! I’ll give our account execs a reference to this answer and they can hopefully move forward from there.

One more question, could you qualify the difference between okta.com and oktapreview.com?

okta.com is production whereas oktapreview.com can include beta and early access features, some more on that here:

https://developer.okta.com/docs/concepts/okta-organizations/

1 Like
