This article clarifies why a user receives the following error when attempting to access Okta:
403 Access Forbidden
- Authentication Policy
- Sign-on Policy
- Network Zone
- ThreatInsight
- State Token
The 403 Access Forbidden error indicates that the user cannot access the page. This error can occur for several reasons:
- The user does not meet the Sign-on Policy requirements that apply to them.
- The user attempts to access the tenant from an Internet Protocol (IP) address that a Network Zone blocks.
- Access is blocked by ThreatInsight.
- The user accesses the integrated application, opens a new browser tab, stays with the new tab for more than 5 minutes, and then returns to the original browser tab to access the integrated application. The current State Token expiration time is 5 minutes.
Perform the following steps to resolve the problem:
- Review the Authentication/Sign-on Policies that apply to the user and ensure that the user meets the requirements to be allowed access.
- Review the configured Network Zones to ensure that the user's IP address is not being blocked.
- Review "403 Access Forbidden" when Navigating to the Login Page.
NOTE: The current State Token expiration time is 5 minutes.
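One way to carry out the Network Zone review for a specific user IP, as an added example that is not part of the original article and is not Okta's own code. The zone records are constructed sample data shaped like Okta Zones API output (`type`, `status`, `usage`, `gateways`), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample shaped like a GET /api/v1/zones response (not real tenant data).
SAMPLE_ZONES = [
    {"name": "Corp Offices", "type": "IP", "status": "ACTIVE", "usage": "POLICY",
     "gateways": [{"type": "CIDR", "value": "198.51.100.0/24"}]},
    {"name": "Blocked Ranges", "type": "IP", "status": "ACTIVE", "usage": "BLOCKLIST",
     "gateways": [{"type": "CIDR", "value": "203.0.113.0/25"},
                  {"type": "RANGE", "value": "192.0.2.10-192.0.2.20"}]},
    {"name": "Old Blocklist", "type": "IP", "status": "INACTIVE", "usage": "BLOCKLIST",
     "gateways": [{"type": "CIDR", "value": "192.0.2.0/24"}]},
    {"name": "Geo Block", "type": "DYNAMIC", "status": "ACTIVE", "usage": "BLOCKLIST",
     "locations": [{"country": "XX"}]},  # placeholder country code
]

def gateway_contains(gateway, ip):
    """True if one gateway entry (CIDR or start-end RANGE) covers the address."""
    value = gateway["value"]
    if gateway["type"] == "CIDR":
        return ip in ipaddress.ip_network(value, strict=False)
    if gateway["type"] == "RANGE":
        start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        return start.version == ip.version and start <= ip <= end
    return False

def blocking_zones(zones, client_ip):
    """Return (matched, unresolved) zone names for one client IP.

    matched: active blocklist IP zones whose gateways cover the address.
    unresolved: active blocklist zones of other types (for example dynamic
    zones), which cannot be evaluated from the IP address alone.
    """
    ip = ipaddress.ip_address(client_ip)
    matched, unresolved = [], []
    for zone in zones:
        if zone.get("status") != "ACTIVE" or zone.get("usage") != "BLOCKLIST":
            continue  # inactive zones and policy-only zones do not block by themselves
        if zone.get("type") != "IP":
            unresolved.append(zone["name"])
        elif any(gateway_contains(g, ip) for g in zone.get("gateways") or []):
            matched.append(zone["name"])
    return matched, unresolved
```

A non-empty `unresolved` list means a dynamic blocklist zone is active and has to be reviewed separately, since it matches on attributes other than the literal address.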
Related References
- "403 Access Forbidden" when Navigating to the Login Page
- iCloud Private Relay Authentication is Blocked by Dynamic Network Zone
- When Accessing the Admin Dashboard a 403 Error Appears
- 403 Access Forbidden on Okta Login from iOS Mobile Devices
- Authentication policies
- Sign-on policies
- Network zones
- State Token
