Workday ERP administrators may encounter a 403 Forbidden error when attempting to access Okta Real-Time Sync reporting. This error typically occurs when trying to view the Workday Real-Time Sync Reporting page.
Detail error from returned HTTP status: 403 {"errorCode":"E0000006","errorSummary":"You do not have permission to perform the requested action","errorLink":"E0000006","errorId":"[]","errorCauses":[]} at: CallOktaHttpOut
- Workday Real-Time Sync (RTS)
- API token
- Application Administrator
The 403 error can be caused by two primary factors:
- Invalid or Expired API Token
The API token used to authenticate with Okta may be invalid or expired. This can occur due to token rotation policies or accidental deletion.
- Insufficient Permissions
The Service Account used for the Okta integration may not have the required permissions to access Real-Time Sync reporting data. Specifically, the Service Account should possess the Application Administrator role.
To resolve the 403 error, consider the following solutions:
- Verify and Update API Token:
- Check Token Validity: Ensure the API token is valid and has not expired.
- Regenerate Token: If necessary, generate a new API token from the Okta Admin Console.
- Update Workday Configuration: Update the Workday configuration to use the new API token.
- Grant Necessary Permissions:
-
- Assign Application Administrator Role: Confirm that the Service Account has the Application Administrator role. This role provides the required permissions to access Real-Time Sync reporting data.
- Review Access Controls: Check any custom access controls or policies that might be restricting access to the data.
