<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Client Enrollment in Advanced Server Access or Okta Privileged Access Fails with Error "You are not authorized to perform this operation"
May 14, 2026
Okta Classic Engine
Privileged Access
Okta Identity Engine
Overview

An attempt to enroll a client in an Advanced Server Access (ASA) or Okta Privileged Access (OPA) team results in the following error if an incorrect team or syntax is used.

 

error: You are not authorized to perform this operation

 

Applies To
  • Advanced Server Access (ASA)
  • Okta Privileged Access (OPA)
  • Client Enrollment
  • Okta Classic Engine
  • Okta Identity Engine (OIE)
Cause

This error happens if an invalid team name is used or if either the --url or --team arguments are omitted when enrolling in an OPA team.

Solution

For client enrollment in an OPA team, the correct sft enroll command can be found in the UI at the top of the Directory > Clients page.

 

The syntax is: 

sft enroll --url https://<OktaOrgSubdomain>.pam.[okta|oktapreview].com --team <OPA_Team_Name>

Enroll Command from UI Directory > Clients page

Recommended content

Still looking for help?
Loading
Client Enrollment in Advanced Server Access or Okta Privileged Access Fails with Error "You are not authorized to perform this operation"