<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Active Directory Agent Offline with 403 Forbidden Error
Mar 27, 2026
Okta Classic Engine
Okta Identity Engine
Directories
Overview

This article describes an issue where the Active Directory (AD) Agent is offline. The agent logs display the following error when connecting to Okta:

 

403 (Forbidden)

 

Additionally, the system log shows the following entry for the same IP address as the AD Agent host server:

 

Request from suspicious actor DENY

 

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Active Directory (AD) Agent
  • Threat Insight
  • Network zones
Cause

Threat Insight blocked the AD Agent IP address.

Solution
  1. Add the AD Agent host server IP address to a Network zone.
  2. Add the configured zone to the Threat Insight exclusion list. Refer to Exempt an IP Zone from ThreatInsight for detailed instructions.

Recommended content

Still looking for help?
Loading
Active Directory Agent Offline with 403 Forbidden Error