<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
ENG_OIE_UPGRADE_BLOCKER - Your org has been blocked from being upgraded due to a potential impacting configuration.
Oct 15, 2025
Administration
Okta Identity Engine

The following configuration has been identified as part of the preparation needed to perform the upgrade to Okta Identity Engine (OIE). Note, additional Okta features may require reconfiguration or be disabled in order to complete the upgrade.

Additional Consent Required - ENG_OIE_UPGRADE_BLOCKER - Your org has been blocked from being upgraded due to a potential impacting configuration; please contact Support to identify the path to resolution. Provide Org id: [orgId]

Upgrade Eligibility: Eligible - Okta Assistance Required

How does this impact the upgrade to OIE?
A configuration has been detected that may significantly impact the way Okta Identity Cloud functions post-upgrade compared to the current classic method, which may impact the user experience or general functionality. To identify the exact configuration in question, please contact Okta support to acknowledge and remove the flag to permit the Okta Identity Engine upgrade to be executed.

Due to the potential impacts, it is highly recommended to test and verify your user critical user experiences in a lower environment prior to production deployment.

Reasons for this org being flagged:

  • Embedded Sign-in Widget with Self-Service Registration policy enabled

  • Usage of the Registration API outside the Sign-in Widget SDK

  • NOTE: Additional reasons will be added to this list once defined.

To determine the root cause for installation, please contact your account team or the okta support center with the "id" or "Tenant Name" in the message.

Remediation Steps Below

Embedded Sign-in Widget with Self-Service Registration policy enabled [EmbeddedSSR-SIW]

How do I remediate this?
Review the deployment of the Okta Sign-in Widget and verify if the registration feature is enabled.  

Follow the Embedded Sign-In Widget guide on the Knowledge base article.

Once any post-upgrade modifications have been identified, contact support with the Org ID to have the flag removed. (If this is a lower environment, this flag can be removed to assist with the production upgrade planning; Since there is a known impact in embedded Self-Service Registration, in addition to a validated consent, this will not be a valid reason for “roll-back”).

Usage of the Registration API outside the Sign-in Widget SDK

How to remediate this?
Change to a supported Self-Registration method.  

Alternate Method 1: (preferred) Use the embedded Sign-in Widget as the API is intended. Follow the Embedded Sign-In Widget guide on the Knowledge base article.

Alternate Method 2: Switch to the create user core management API defined on the developer reference.

NOTE: The API /api/v1/registration/{{SelfRegFormPolicyId}}/register is not supported outside of the Sign-in widget and will be disabled during the upgrade process.

Once any pre-upgrade modifications have been identified, contact support with the Org ID to have the flag removed. (If this is a lower environment, this flag can be removed to assist with the production upgrade planning. Since there is a known impact in embedded Self-Service Registration, in addition to a validated consent, this will not be a valid reason for “roll-back”).

Recommended content

Still looking for help?
Loading
ENG_OIE_UPGRADE_BLOCKER - Your org has been blocked from being upgraded due to a potential impacting configuration.