We are having two problems.
First is that for some reason the activation email that okta sends out automatically after adding a user through the api is not using the custom branding that is set up. The activation email has been customized to provide a different redirect link depending on the app that the user was registered to, but none of this customization is on the actual email that is sent out.
Second is that even upon clicking the activation link from the email the users are not able to access and are directed to a page that says “The resource owner or authorization server denied the request.” The users are assigned to the application within okta and the authentication policy only requires a password with email as optional.
Any ideas what is wrong on our end?
The application is just a SPA