403 Access Forbidden Error on Okta Login From iOS Devices Using Safari
Network Zone
Okta Classic Engine
Okta Identity Engine

Summary

A 403 Access Forbidden error during an Okta login via Safari on an iOS device occurs because the Apple iCloud Private Relay feature interferes with the connection. To restore access, end users must manually disable iCloud Private Relay on their mobile device, or Okta Administrators can add an enhanced dynamic zone to block all IP service categories except the Apple iCloud Relay Proxy.

NOTE: The 403 Access Forbidden error indicates that the user cannot access the page. If an iOS device is not being used to access Okta and a 403 Access Forbidden error still occurs, review User Receives "403 Access Forbidden" Error When Logging In.

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta Dashboard
  • Okta Admin Console
  • iOS
  • Safari

Why iCloud Private Relay Causes a 403 Error

The iCloud Private Relay feature on the iOS device interferes with the connection to the Okta tenant, resulting in a 403 Access Forbidden error.
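
A triage check for this cause, added here as an example and not taken from Okta: it tests whether the client IPs recorded for denied sign-ins fall inside iCloud Private Relay egress prefixes, which confirms Private Relay as the source before any zone is changed. The CSV layout (CIDR prefix in the first column), the sample prefixes, and the denied-request records are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample in an assumed geofeed layout (prefix,country,region,city,).
# Documentation ranges stand in for real Private Relay egress prefixes.
SAMPLE_RELAY_CSV = """\
192.0.2.0/26,US,US-CA,Los Angeles,
198.51.100.128/25,DE,DE-BE,Berlin,
2001:db8:a000::/44,GB,GB-ENG,London,
"""

# Constructed denied-request records: (timestamp, user, client IP).
SAMPLE_DENIED = [
    ("2024-05-01T09:12:03Z", "alice@example.com", "192.0.2.17"),
    ("2024-05-01T09:12:41Z", "alice@example.com", "192.0.2.40"),
    ("2024-05-01T09:15:10Z", "bob@example.com", "203.0.113.9"),
    ("2024-05-01T09:20:55Z", "carol@example.com", "2001:db8:a003::5"),
    ("2024-05-01T09:21:30Z", "dave@example.com", "not-an-ip"),
]

def load_relay_networks(csv_text):
    """Parse the first CSV column into network objects, skipping bad rows."""
    networks = []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        try:
            networks.append(ipaddress.ip_network(row[0].strip(), strict=False))
        except ValueError:
            continue  # header line or malformed prefix
    return networks

def classify(ip_text, networks):
    """Return 'relay', 'other', or 'invalid' for one client IP string."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    # An IPv4 address tested against an IPv6 network (or vice versa) is False.
    return "relay" if any(ip in net for net in networks) else "other"

def summarize(denied, networks):
    """Count denied requests per (user, classification) pair."""
    return Counter((user, classify(ip, networks)) for _, user, ip in denied)
```

Users whose denied requests all classify as `relay` match the cause described here; `other` results point to a different reason for the 403.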

Resolving the Safari 403 Forbidden Error on iOS

How can Okta end users restore access?

To resolve this issue and restore Okta access, end users must disable the iCloud Private Relay option on the affected iOS mobile device by following these steps:

  1. Open the Settings app on the iOS device.
  2. Tap the user's Apple ID profile name at the top of the menu.
  3. Tap on iCloud.
  4. Tap Private Relay.
  5. Toggle the switch to turn off Private Relay.
  6. Tap Turn off Private Relay to confirm.

Troubleshooting a Missing Private Relay Setting

If the Private Relay setting is not visible in the iCloud menu, it may be due to an absence of an iCloud+ subscription, regional restrictions, or Mobile Device Management (MDM) configurations. In such cases, the user must contact Apple Support for further assistance, as this specific device issue falls outside the scope of Okta Support.


How can Okta Administrators resolve this error?

Administrators can deactivate the default enhanced dynamic zone, add a new enhanced dynamic zone in the Okta Admin Console, and configure it to block all IP service categories except the Apple iCloud Relay Proxy by following the steps in the knowledge article below:

Related References
