Regarding publishing an integration on OIN Manager

Hi, I’m currently in the process of drafting a submission in OIN Manager and I have a couple questions:

  • When configuring OIDC, the Redirect URI depends on the tenant’s service provider domain, so I created a variable named domain of type HTTPS URL. I expected ${app.domain}/signin-oidc to be a valid URL as my variable is of type HTTPS URL. My question is: what is the proper way of asking for a custom domain and using it to build a Redirect URL?

  • I also wish to write a configuration guide, where the relevant information such as the Client Id are automatically added and highlighted just like at step 5 in this guide. I did not find any documentation on how to add this feature to my guide.

Thanks in advance

Hi Sannera,
For the RedirectURI please reference Configure protocol-specific settings | Okta Developer,
If you’re using a per tenant design, include the variable names that you created. For example:

  • https:// ${app.variableName} .okta.com
  • https://okta- ${app.variableName} .com

For the guide, I believe that this is only available for SAML applications, but I will verify. To see samples of exiting integration documents I suggest adding an application in your Org and filtering by OpenID Connect. From all the existing OIDC applications I have seen, the integration document is linked to your own hosted document, unlike the SMAL docs. Okta will add a link that will give the Metadata for the Org that will be using your application.

Hi Erik,

Thank you for your answer.
I had already found this documentation regarding configuring protocol-specific settings.
I guess my question really is: if my variable is of type “HTTPS URL”, then why isn’t “${app.variableName}” recognized as a valid HTTPS URL?

I just ran through a mock submission and if I set a variable type as https, and make the label ‘domain’, Okta automatically creates a read-only variable named ‘${app.domain}’. So what you have is correct.

I did check on the configuration guide. Only SAML applications have their guides hosted by Okta with Org param substitution. For OIDC guides the ISV is responsible for hosting the guide and there is no substitution functionality.

Hi Erik,
I still fail to understand why I have this behavior:


If my domain variable will truly contain a HTTPS URL, then its value should be recognized as a valid HTTPS URL (ultimately my goal would be to have a Redirect URL of the form “${app.domain}/signin-oidc”). Otherwise, if the domain variable won’t always contain a valid HTTPS URL, then I would find the variable type “HTTPS URL” very misleading.