Browser Needs 3rd Party Cookies Enabled for Authentication to Work Inside iFrame
Okta Classic Engine
Okta Identity Engine
API Access Management
Overview

Users are unable to authenticate when accessing an application embedded in an iFrame. This issue occurs when the Enforce device matching for creating sessions feature is enabled.

Users may see a 403 Forbidden error returned by Okta.

Applies To

  • Enforce device matching for creating sessions

Cause

The browser blocks third-party cookies, which prevents the Device Token (DT) cookie from being passed correctly within the iFrame. The Enforce device matching for creating sessions feature relies on this cookie to validate the device identifier. When the cookie is blocked, the validation fails.

Solution

To resolve this issue, either:

  1. Enable third-party cookies in the browser settings.
  2. Disable the Enforce device matching for creating sessions feature.