"403 Access Forbidden" when Navigating to Login Page
Okta Identity Engine
Administration
Overview

After too many incorrect login attempts, a single user is receiving the following error when navigating to the login page:
403 Access Forbidden


Searching the System Log for: 

eventType eq "security.threat.detected" 

shows "Request from suspicious actor" with a Deny result for that same user's IP address.

 

Applies To
  • ThreatInsight
  • System Log
Cause
A password spray event was triggered when the user incorrectly guessed their password too many times.
Solution

The user's IP address will be unblocked automatically after 24 hours. To unblock the user's IP address immediately, review the following knowledge article: How to Unblock an IP Address that is Blocked by ThreatInsight.

NOTE: IPs in the included Network Zones will not be logged or have actions enforced based on threat level by Okta ThreatInsight. These IPs will proceed to evaluation by sign-on rules. This ensures traffic from known, trusted IPs is not flagged by Okta ThreatInsight.
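
Triage logic for the check described above, added here as an example and not Okta's own code: it filters exported System Log events for ThreatInsight denials against one IP, rules out exempt zones first, and estimates the latest time the automatic unblock should apply. The sample events, the CIDR list, the triage function name, and the assumption that the 24-hour window starts no later than the most recent denial are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample in the System Log event shape (not real data).
SAMPLE_EVENTS = [
    {"eventType": "security.threat.detected", "published": "2024-05-01T09:14:07.000Z",
     "displayMessage": "Request from suspicious actor",
     "outcome": {"result": "DENY"}, "client": {"ipAddress": "203.0.113.45"}},
    {"eventType": "security.threat.detected", "published": "2024-05-01T09:20:31.000Z",
     "displayMessage": "Request from suspicious actor",
     "outcome": {"result": "DENY"}, "client": {"ipAddress": "203.0.113.45"}},
    {"eventType": "user.session.start", "published": "2024-05-01T09:25:00.000Z",
     "displayMessage": "User login to Okta",
     "outcome": {"result": "SUCCESS"}, "client": {"ipAddress": "198.51.100.7"}},
]
# Constructed stand-in for the CIDRs of the Network Zones exempt from ThreatInsight.
EXEMPT_ZONES = ["192.0.2.0/24"]


def _ts(value):
    """Parse a System Log 'published' timestamp (UTC, trailing Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage(ip, events, exempt_cidrs, block_hours=24):
    """Classify a reported 403 for one IP as exempt, blocked, or unexplained."""
    addr = ipaddress.ip_address(ip)
    # Exempt-zone IPs are neither logged nor acted on by ThreatInsight,
    # so a 403 from such an IP has a different cause.
    if any(addr in ipaddress.ip_network(c) for c in exempt_cidrs):
        return {"status": "exempt"}
    hits = sorted(
        _ts(e["published"]) for e in events
        if e.get("eventType") == "security.threat.detected"
        and e.get("outcome", {}).get("result") == "DENY"
        and e.get("client", {}).get("ipAddress") == str(addr)
    )
    if not hits:
        return {"status": "no_threat_event"}
    # Assumption: the block lapses no later than block_hours after the last denial.
    return {"status": "blocked", "denials": len(hits),
            "first": hits[0], "last": hits[-1],
            "unblocked_by": hits[-1] + timedelta(hours=block_hours)}


if __name__ == "__main__":
    print(triage("203.0.113.45", SAMPLE_EVENTS, EXEMPT_ZONES))
```

A "no_threat_event" result for the affected IP means the 403 should be investigated outside ThreatInsight, for example in sign-on rules.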
