Accessing an Okta tenant from an iOS device using the Safari browser generates a 403 error because the Apple iCloud Private Relay feature interferes with the connection. Disabling the Private Relay feature resolves the issue.

403 Access Forbidden

NOTE: If an iOS device is not being used to access Okta and a 403 Access Forbidden error still occurs, review User Receives "403 Access Forbidden" Error When Logging In.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Okta Dashboard
• Okta Admin Console
• iOS
• Safari

The iCloud Private Relay feature on the iOS device interferes with the connection to the Okta tenant, resulting in a 403 Access Forbidden error.

How is the 403 Access Forbidden error resolved on iOS devices?

To resolve this issue and restore Okta access, disable the iCloud Private Relay option on the affected iOS mobile device by following these steps:

1. Open Settings.

2. Tap the user name at the top of the screen.

3. Choose iCloud.

4. Tap Private Relay.

5. Tap the toggle to turn off Private Relay.

6. Select Turn off Private Relay to confirm.

7. Select OK.

What if the Private Relay setting is missing?

If the Private Relay setting does not appear under iCloud, it may be due to an absence of an iCloud+ subscription, regional restrictions, or Mobile Device Management (MDM) configurations. In such cases, the user must contact Apple Support for further assistance, as this specific device issue falls outside the scope of Okta Support.

Related References

• iCloud Private Relay Authentication is Blocked by Dynamic Network Zone
• User Receives "403 Access Forbidden" Error When Logging In