<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

"403 Access Forbidden" Error When Accessing the Okta Admin Console

Administration
Okta Identity Engine

Overview

Okta returns a 403 Access Forbidden error when the Admin Console authentication policy requires a multi-factor authentication factor that the user cannot satisfy, or when the user does not meet another policy condition. Enrolling the user in the required factors and reviewing the authentication policy resolves the issue.

The user cannot access the Admin Console and sees the following error:

 

403 Access Forbidden - You don't have permission to access this page.


Error Message 

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta
  • Admin Console
  • Multi-Factor Authentication (MFA)

Cause

Okta blocks access when the Admin Console authentication policy requires a multi-factor authentication factor that the user is not enrolled in, when enrollment was removed, or when the user does not meet another rule condition.

Solution

How is the Okta Admin Console 403 Access Forbidden error resolved?

These steps confirm required factor enrollment in Okta Identity Engine from the End-User Dashboard.

  1. Sign in to the End-User Dashboard.
  2. Navigate to Account Settings.
  3. Authenticate with the necessary required factor, then navigate to Manage security methods.
  4. Review the Security methods and confirm that the user is enrolled in all factors required by the Okta Admin Console application sign-on policy.

These steps confirm required factor enrollment in Okta Classic Engine from the End-User Dashboard.

  1. Sign in to the End-User Dashboard.
  2. Navigate to Account Settings > Edit Profile.
  3. Enter the password and go to the Extra Verification section.
  4. Review Extra Verification and confirm that the user is enrolled in all factors required by the Okta Admin Console application sign-on policy.

These steps verify the enrollment policy settings with a different administrator account.

  1. Sign in to the Okta Admin Console with a different administrator account.
  2. Go to Security.
  3. Select Authenticators > Enrollment.
  4. Review the policy that applies to the administrator group.
  5. Confirm that the required authentication method is set to Optional or Required so that Okta allows enrollment during the next sign-in attempt.

These steps verify the authentication policy requirements if factor enrollment is already complete.

  1. Sign in to the Okta Admin Console with a different administrator account.
  2. Go to Security.
  3. Navigate to the authentication policy and open the applicable rule.
  4. Review the rule requirements and confirm that the user meets every condition.
  5. Confirm that Device management does not block access.

Device management

NOTE: If these steps do not resolve the issue, open an Okta Support ticket for further investigation.

 

Related References

Loading
Okta Support - "403 Access Forbidden" Error When Accessing the Okta Admin Console