Redirect to Login or Application After Activation

Hi @swaroop.shekar

The embed URL appears if you have under General tab the option “Login initiated by” set to “Either Okta or App”.

If you enable the option above, do you still receive the 404?

Hi there,

I am posting this as of 6/15/2019, and I am about to implement one of these “workaround” solutions, but I just wanted to check with the developers whether the mentioned solution has been released?

I don’t want to go to the trouble of a custom workaround if this feature exists.

If not, I do have one question. In my Okta dashboard it says that editing the redirect email template will disable the automatic language translation. Would modifying the URI in the redirect disable the automatic translations too?

Thanks!
Zach

1 Like

Hi, I am attempting to implement the fromURI solution with the bookmark but am unable to make it work. The activation email I receive has the ‘fromURI’ query string appended but it does not redirect. I am still taken to the okta homepage and the ‘fromURI’ query string never gets consumed. I can still see it in the address bar. Any suggestions?

3 Likes

I’m seeing the same as @dcourts.

I’d like our activation to redirect to our own site.

What is the expected behaviour of this now? Is it documented anywhere?

Cheers,
Rikki

Hi Rikki,

I was able to solve this problem after contacting okta support. There was a global setting that was overriding the fromURI in the query string. In the okta portal check for your Global Default Redirect Setting. This is located in Settings > Features. Make sure this is turned off.

2 Likes

Thanks @dcourts! Super helpful.

I can’t see Settings > Features, I’ve only got Settings > Account. Is Features a paid-only page? I’m on an *.oktapreview.com authorization server while we evaluate whether we can do what we need with Okta. (I recognise you’re a fellow user, not a Okta rep, but you might know, eh? ;-))

Okta hides some things behind feature flags so you may need to open a support ticket and ask them to enable it for you.

We silo our customers by creating an okta app for each one and associate it with an instance of our webapp that’s running on a separate subdomain for each customer

The current okta email workflows don’t really work because we need to redirect the users to their company’s subdomain landing page. The above solutions dont work either as we need to send the user back to the app/url they came from

The hack we’re using until okta provide a better workflow is to hijack one of the available user level properties (secondary email) when provisioning the user and put the URL in there app@companysubdomain.ourapp.com

we then strip out the app@ when creating the fromURI value so that it points to the custom subdomain

Maybe this’ll help someone else

2 Likes

Since many people are still struggling with the redirect after registration: Any answer from Okta?

1 Like

any thoughts on how the user activation email template would work if there are different applications living under the same Okta tenant and each one has its own domain which points to its unique login page? Is there a way to pass different bookmarks to the href="${activationLink}?fromURI Welcome Email? Thank you.

@MRey Check this article, hopefully, it answers your question.
Email template is not based on application.It can be leveraged by user profile attributes.
https://support.okta.com/help/s/article/How-to-leverage-different-activation-email-templates-based-on-a-user-profile-attribute-value?language=en_US

Hello,

Do we have any update on this one ? Is there a way a new user activation can be incorporated in to signin-widget flow ? I see it for for RecoveryToken but not for ActivationToken/ ResetPassword Token.

And also noticed that the user activation link (i.e. sendEmail=false) generated from user lifecycle activation api does not support fromURI parameter
i.e. https:///<>/welcome/Pzp3vV16A4LjmUNfZ6oF?fromURI=http://localhost:4200/siginin

Where as the reset-password link (i.e. sendEmail=false) generated from reset_password lifecycle does support the fromURI parameter.
i.e. https://<>/signin/reset_password/drpCQqCLMlr6cmM2wf_7?fromURI=http://localhost:4200/signin

I have a similar use case where I have to construct a custom registration flow and custom sign-in flow for a particular application. The flow is as follows:

  1. User navigates to unprotected, sign-in page of an app that is hosted elsewhere.
  2. User clicks Register.
  3. I collect and validate some attributes including the credential (assume isValid).
  4. Invoke /api/v1/users?activate=false to create the user.
  5. Invoke /api/v1/users/{{userId}}/lifecycle/activate?sendEmail=true to activate the user and send the verification email.
  6. User clicks the link in the verification email.
  7. Here is where the exception case is encountered. I do not want the user to be directed to the Okta sign-in widget for verification. I want the user to be directed to my custom sign-in flow.

I’ve tried to append the relayState as a queryString and also inside of the …/active request body. Neither were respected.

1 Like