This article provides an overview of common Okta authentication errors that users might encounter during login attempts. It includes error codes, their descriptions, and basic troubleshooting steps to resolve these issues.
- Login Failures
- Authentication Errors
| Error | Error Code | Description | Basic troubleshooting steps |
|---|---|---|---|
| INVALID_CREDENTIALS | E0000004 | The provided credentials were incorrect | Ensure that the username and password are correct. Copying the values may sometimes capture invalid characters. Try entering the credentials manually. |
| LOCKED_OUT | E0000069 | The user exceeded the allowed number of failed login attempts (typically 3-5 attempts) or did not satisfy the MFA requirements. | For situations in which users lock themselves out of their accounts by failing to enter the password correctly or to satisfy the required Multi-Factor Authentication (MFA), see this article: Failed Login Attempts Allowed Before an Account Is Locked Out and How to Unlock It. |
| PASSWORD_BASED_LOGIN_DISALLOWED | - | Password login is not permitted for this user | For users created through social login or an external identity provider, the password reset must be performed on the social login side. For more details, refer to this article: Resolve Password Reset Issues for Users Created via Social Logins/External IDP in Okta. |
| UNKNOWN_USER | E0000007 | The system cannot find the user attempting to authenticate | Verify the username is correct and that the user account exists in the system. Check for typos or case sensitivity issues. |
| VERIFICATION_ERROR | - | Error occurred during the verification process | For more details, refer to this article: Understanding "FAILURE: VERIFICATION_ERROR" in System Log. |
| GENERAL_NONSUCCESS | E0000006 | A general failure that does not fall into other specific categories | Check system logs for detailed error messages. Contact the system administrator if the issue persists. For example, when logging in with an external SAML Identity Provider (IdP) fails due to this error, detailed error messages can be found in the system logs. For more information, see this article: “400: Bad Request Error Code: GENERAL_NONSUCCESS” Received when Attempting Login with SAML IDP. |
| MFA_REQUIRED | E0000047 | Multi-Factor Authentication is required, but not provided | Complete the MFA setup process. Ensure you have access to a registered MFA device. Please see this documentation for more details: Transaction state. |
| SESSION_EXPIRED | - | User's session has timed out and requires re-authentication | Log in again to start a new session. Okta does not generate log events for non-explicit user logouts. That means if a user's session expires due to either idle time or max session lifetime, an event is not generated in the System Log. Okta only generates one if the user explicitly logs out by clicking the Sign out button or if an admin revokes the user's session: Does System Log Show when a User's Session Times Out or Ends. |
| INVALID_TOKEN | E0000011 | The API token provided is invalid or expired | Generate a new API token. Ensure the token has not exceeded its validity period. Verify that the Okta account used to create the API token is still active. For more information, please see: Error "HTTP 401 Okta E0000011 Invalid Token provided". |
| RATE_LIMIT_EXCEEDED | E0000047 | Too many login attempts in a short time period | This error occurs when the API call exceeds the rate limit due to too many requests. For details about authentication and end-user activity rate limits, see our documentation: Authentication and end-user rate limits. |
| NETWORK_CONNECTION_ERROR | - | Cannot establish a connection with the authentication server | A network connection error when logging into Okta indicates connectivity issues between the device and Okta servers. Here are the main areas to check: |
| PASSWORD_EXPIRED | - | User's password has expired and needs to be reset | Follow the password reset procedure and create a new password that meets the system's complexity requirements. Users also see this error when they are in a Password Expired state in Okta and authenticate via External IdP into Okta. For more details and resolution, see this article: Get Password Expired: 400 Status when Providing Valid Authentication via External IDP. |
