Okta's "Read-only Mode" is a feature that may be enabled during system maintenance or when an organization has failed over to the disaster recovery region through Standard Disaster Recovery (DR) or Enhanced Disaster Recovery (DR). In this mode, write actions (for example, creating users or modifying policies) are not allowed, and a banner in the admin Dashboard states that the organization is in "Read-only Mode".
During read-only mode, certain functionalities are affected, including:
- User Creation
- User Imports
- Application Integration Changes
- Policy and Setting Changes
- Rearranging Apps/Tabs on Homepage
- Just-In-Time (JIT) Provisioning
- Agent Installation
- Agent Monitoring
- IWA Failover
- API Calls (other than reads)
Additionally, AD password changes through Okta are not allowed during read-only mode, and OMM does not push an AD password change to the mobile device if the AD password change is made outside of Okta during read-only mode. However, end-users will still be able to SSO during this time, and background jobs such as imports, OMM enrollment, OMM de-provisioning, and JIT provisioning will be queued and restarted once read-only mode is disabled.
Applies to:
- Okta Read-only Mode
- Okta Classic Engine
Read-only mode can sometimes be enabled during system maintenance without interrupting users' ability to log in. It will also be enabled if an organization has failed over from its primary region to the failover region in the event of a natural disaster or infrastructure outage.
To resolve issues related to read-only mode, users should wait until the maintenance is completed or until the organization has failed back to the primary region.
User imports are rescheduled according to the application's import schedule configuration. For example, if an app's imports run hourly and one is due to begin while the data store is in read-only mode, that import does not start and is queued for the next hour per the schedule.
