Hi,
our web application hosted on something.ourdomain.com (1) and as part of sign-in we are using okta sign in widget. The sign-in process redirects to something.okta.com (2), after that authentication process redirects to the URL 1 .
In our Okta configuration, I see a brand which has a subdomain URL 2 which is configured for the application that I’m talking about. Is the use of subdomain in our okta configuration considered to be a third party to our application? Please suggest on how can we mitigate this issue.
Based on your description, you are using redirection deployment model (refer this). If that is the case, each domain will be loaded directly on the browser and cookies will be first party during authentication.
The only place where cookie becomes 3rd party is when something.ourdomain.com makes a XHR call to something.okta.com. Some examples of this are embedded deployment model, checking existing Okta session from your app, etc.
If you are impacted by blocking 3rd party cookies, you could try setting up a custom domain in Okta with same TLD as your application domain (for example okta.ourdomain.com or login.ourdomain.com) which will not be blocked by browser.