An Okta admin is unable to log into the Admin console and is getting the error:
403 Access Forbidden - You don't have permission to access this page.
- Okta Classic Engine
- Admin Console
- Multi-factor Authentication (MFA)
In some cases, an Admin receives a 403 error when attempting to log in to the Admin Console because of the Authentication Policy for the Okta Admin Dashboard application. The policy may require an MFA factor that the Admin has not yet enrolled in or whose enrollment has been removed, or the user may not meet other conditions of the policy.
Depending on the configuration, the user may still be able to log in to the end user dashboard even if they receive a 403 for the Admin dashboard specifically.
- Log in to the end-user dashboard.
- Navigate to Settings > Edit Profile.
- Enter the password and scroll down to the Extra Verification section.
- Under Extra Verification, make sure the user is enrolled in all necessary MFA factors to meet the requirements of the Admin Dashboard application sign-on policy.
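A different Admin with API access can run the same enrollment check against the response of Okta's Factors API (`GET /api/v1/users/{userId}/factors`). The script below is an added example, not part of the original article: the sample response and its ids are constructed, and `REQUIRED_FACTOR_TYPES` and `enrollment_gaps` are hypothetical names standing in for whatever the org's Admin Dashboard policy rule actually demands.

```python
import json

# Constructed sample of a response body from Okta's Factors API
# (GET /api/v1/users/{userId}/factors); ids and values are made up.
SAMPLE_FACTORS_JSON = """
[
  {"id": "example-factor-1", "factorType": "question", "provider": "OKTA", "status": "ACTIVE"},
  {"id": "example-factor-2", "factorType": "push", "provider": "OKTA", "status": "PENDING_ACTIVATION"},
  {"id": "example-factor-3", "factorType": "sms", "provider": "OKTA", "status": "ACTIVE"}
]
"""

# Assumption: the factor types the Admin Dashboard policy rule demands.
# Read the real requirement from the rule in the Admin Console.
REQUIRED_FACTOR_TYPES = {"push", "webauthn"}


def enrollment_gaps(factors_json, required_types):
    """Map each required factor type that is not usable to the reason why."""
    factors = json.loads(factors_json)
    if not isinstance(factors, list):
        raise ValueError("expected a JSON array of factor objects")

    # Collect every status seen per factor type; a user can hold several
    # factors of one type (for example two WebAuthn keys).
    statuses = {}
    for factor in factors:
        ftype = factor.get("factorType")
        if ftype:
            statuses.setdefault(ftype, set()).add(factor.get("status", "UNKNOWN"))

    gaps = {}
    for ftype in sorted(required_types):
        seen = statuses.get(ftype)
        if not seen:
            gaps[ftype] = "not enrolled"
        elif "ACTIVE" not in seen:
            # Enrollment was started but never completed, or was reset.
            gaps[ftype] = "enrolled but not active: " + ", ".join(sorted(seen))
    return gaps


if __name__ == "__main__":
    for ftype, reason in enrollment_gaps(SAMPLE_FACTORS_JSON, REQUIRED_FACTOR_TYPES).items():
        print(f"{ftype}: {reason}")
```

An empty result means every required factor type has at least one active enrollment, so the 403 is more likely caused by another condition of the authentication policy rule.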
To verify the MFA enrollment policy settings, use the following steps:
- As a different Admin, log in to the Admin Console and navigate to Security.
- Select Authenticators > Enrollment tab.
- This tab displays all MFA enrollment policies. Make sure that the policy applying to the Admin group is active and that the required authentication method is set to either Optional or Required. This allows the user to enroll in the eligible authenticators during the next login attempt.
If the user is enrolled in all the MFA factors and still does not have access, contact another tenant admin to verify what the authentication policy requires.
To verify the Authentication policy settings, use the following steps:
- As a different Admin, log in to the Admin Console and navigate to Security.
- Navigate to the authentication policy and view the rule to verify what is required.
- Make sure the user meets all the conditions for the rule.
- For example, make sure the Device management selection is not preventing user access.
NOTE: If none of the above steps resolves the issue, open an Okta Support ticket to investigate further.
