"Error 403 Forbidden" When Creating OAuth Web Application via API or Terraform
Overview

When attempting to create an OpenID Connect (OIDC) "web" type application using the Okta API or Infrastructure as Code (IaC) tools like Terraform, the following error occurs:

Terraform Error

Error: failed to create OAuth application: the API returned an error: Self service application assignment is not enabled..
Causes: errorSummary: Self service application assignment for organization managed apps must be enabled.

API Error

{
    "errorCode": "E0000043",
    "errorSummary": "Self service application assignment is not enabled.",
    "errorLink": "E0000043",
    "errorId": "oaeLTJ3aTngQHCg3_4gY_HvDQ",
    "errorCauses": [
        {
            "errorSummary": "Self service application assignment for organization managed apps must be enabled."
        }
    ]
}

This article clarifies why this error occurs and how to resolve it by updating the organization settings or the request parameters.

Applies To
  • Okta Identity Engine (OIE)
  • Terraform Provider
  • Okta API
  • OIDC application
Cause

The error occurs when the application configuration sets the accessibility_self_service parameter (Terraform) or accessibility.selfService (API) to true.

In Okta, enabling self-service assignment for organization-managed applications is a prerequisite for setting this property. If this feature is disabled at the organization level, the API rejects the creation request with a 403 Forbidden status.

This issue is not specific to Terraform and occurs in any direct API integration attempting to enable self-service assignment for a new application.

Solution

To resolve this error, either enable the self-service application assignment setting in the Okta Admin Console or modify the Terraform configuration (or the API request body, if the application is created through the API).

Enable Self-Service Assignment in Okta

  1. Sign in to the Okta Admin Console.

  2. Navigate to Applications > Self Service.

  3. Select the Settings tab.

  4. Click Edit.

  5. Enable Allow users to add org-managed apps.

  6. Click Save.

Modify Application Configuration

If self-service assignment is not required for the application, update the request parameters to disable the feature.

For API Requests

Locate the accessibility object in the JSON payload and set selfService to false:

"accessibility": { "selfService": false, "errorRedirectUrl": null, "loginRedirectUrl": null }

For Terraform

  1. Locate the okta_app_oauth resource in the configuration file.

  2. Set the accessibility_self_service parameter to false.

  3. Re-run the Terraform plan and apply.
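
A pre-apply check for the condition described above, as an added example (not Okta's or the Terraform provider's code): it scans the JSON form of a plan (`terraform show -json`) and an API request body for self-service assignment set to true. The sample plan and request body are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "okta_app_oauth.portal", "type": "okta_app_oauth",
     "change": {"actions": ["create"],
                "after": {"label": "Portal", "type": "web",
                          "accessibility_self_service": true}}},
    {"address": "okta_app_oauth.api", "type": "okta_app_oauth",
     "change": {"actions": ["create"],
                "after": {"label": "API", "type": "web",
                          "accessibility_self_service": false}}},
    {"address": "okta_app_oauth.old", "type": "okta_app_oauth",
     "change": {"actions": ["delete"], "after": null}}
  ]
}
""")

# Constructed sample: body of an API request that creates an application.
SAMPLE_API_BODY = {
    "label": "Portal",
    "accessibility": {"selfService": True, "errorRedirectUrl": None,
                      "loginRedirectUrl": None},
}


def plan_self_service_apps(plan):
    """okta_app_oauth addresses the plan creates/updates with self-service on."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "okta_app_oauth":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}  # "after" is null for deletes
        if after.get("accessibility_self_service") is True:
            flagged.append(rc["address"])
    return flagged


def api_body_requests_self_service(body):
    """True if an API request body sets accessibility.selfService to true."""
    return (body.get("accessibility") or {}).get("selfService") is True


if __name__ == "__main__":
    print("plan:", plan_self_service_apps(SAMPLE_PLAN))
    print("API body:", api_body_requests_self_service(SAMPLE_API_BODY))
```

Any address or request body it flags will fail with E0000043 unless "Allow users to add org-managed apps" is enabled for the organization.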
