Okta Permission Error When Attempting to Create Users Using API
Last Updated:
Overview
An API token creator who lacks the correct Administrator role or has a deactivated account will encounter a permission error when creating users via the API. The following error appears when attempting to create a user using an API call in an API client:
"errorCode": "E0000006"
"errorSummary": "You do not have permission to perform the requested action"
Assigning the correct Administrator role to the user who created the API token resolves this issue.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- API Tokens
- Users API requests
- Administrator Roles
Cause
The user who created the API token lacks the correct Administrator role or has a deactivated account.
Solution
How is the API permission error resolved?
Ensure that the user who created the API token possesses the correct Administrator role to create users. To create users, an admin needs at least one of the following standard admin roles:
- Super Admin
- Org Admin
- Group Admin - Permissions apply only to groups that the admin manages.
Verify the admin roles assigned to the user by navigating to the Okta Admin Console, going to the Directory menu, selecting People, opening the specific user account, and viewing the Admin roles tab.
- Navigate to Directory and select People.
- Select the specific user account.
- Select the Admin roles tab.
