When attempting to sign in to Okta, the following error is received:
"You do not have permission to perform the requested action."

Applies to:
- Org-level login
- Single Sign-On (SSO)
- ThreatInsight
If ThreatInsight is enabled with the "Log and enforce security based on threat level" setting selected under Security > General > Okta ThreatInsight settings in the Admin Console, the user's IP address is likely to have been flagged as suspicious and blocked.
To validate blocked login attempts, Administrators can:
- Navigate to the Okta System Log under Reports > System Log.
- Search for any recent login activity associated with the impacted user.
- If associated events indicating an "Evaluation of sign-on policy DENY" are observed, expand the event and investigate the associated Sign-on Policy to ascertain why the policy is denying the login attempt. If no such events are present, proceed to the subsequent steps.
- Note the client IP addresses associated with the recent login activity and any consistent login failures. Tip: If there is a lot of user activity, it will be easier to download the System Logs to a CSV and filter by the IP Address(es) from there.
- Create a new System Log search using the following query for each IP address:
actor.id eq "InsertIpAddressHere" and eventType eq "security.threat.detected" and outcome.result eq "DENY"
If there are any Suspicious Activity events returned, this is an indication that Okta has temporarily blocked at least one of the IP Addresses.
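The same triage can be run offline over an exported set of System Log events. The script below is an added example, not Okta's own tooling: it assumes the events are JSON objects shaped like System Log API LogEvent records, that the user's login appears in `actor.alternateId`, and that sign-on policy evaluations carry the event type `policy.evaluate_sign_on`; the sample events, user name and IP addresses are constructed.

```python
import ipaddress
import json

# Constructed sample events, shaped like System Log API LogEvent objects.
SAMPLE_EVENTS = json.loads("""[
 {"eventType": "user.session.start", "outcome": {"result": "FAILURE"},
  "actor": {"id": "00u-example", "alternateId": "jdoe@example.com"},
  "client": {"ipAddress": "203.0.113.10"}},
 {"eventType": "user.session.start", "outcome": {"result": "SUCCESS"},
  "actor": {"id": "00u-example", "alternateId": "jdoe@example.com"},
  "client": {"ipAddress": "198.51.100.7"}},
 {"eventType": "security.threat.detected", "outcome": {"result": "DENY"},
  "actor": {"id": "203.0.113.10", "alternateId": "unknown"},
  "client": {"ipAddress": "203.0.113.10"}}
]""")

# The System Log query from the article, with the IP address as a parameter.
QUERY = ('actor.id eq "{ip}" and eventType eq "security.threat.detected" '
         'and outcome.result eq "DENY"')

def result(event):
    return (event.get("outcome") or {}).get("result")

def triage(events, user_login):
    """Return (sign-on policy DENY events, per-IP ThreatInsight findings)."""
    mine = [e for e in events
            if (e.get("actor") or {}).get("alternateId") == user_login]
    # A sign-on policy DENY points at the policy rather than ThreatInsight.
    policy_denies = [e for e in mine
                     if e.get("eventType") == "policy.evaluate_sign_on"
                     and result(e) == "DENY"]
    # Client IPs seen in the user's recent login activity.
    ips = sorted({(e.get("client") or {}).get("ipAddress") for e in mine} - {None})
    report = {}
    for ip in ips:
        ipaddress.ip_address(ip)  # raises ValueError if the value is not an IP
        # Same conditions as the System Log query, applied to the export.
        hits = [e for e in events
                if e.get("eventType") == "security.threat.detected"
                and result(e) == "DENY"
                and (e.get("actor") or {}).get("id") == ip]
        report[ip] = {"query": QUERY.format(ip=ip), "blocked": bool(hits)}
    return policy_denies, report

if __name__ == "__main__":
    denies, report = triage(SAMPLE_EVENTS, "jdoe@example.com")
    print("sign-on policy DENY events:", len(denies))
    for ip, info in report.items():
        print(ip, "blocked by ThreatInsight" if info["blocked"] else "no block found")
        print("  ", info["query"])
```

Each `query` value can be pasted into the System Log search to confirm the finding in the Admin Console.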
