HTTP 400 Bad Request Error During Child Org Login Attempt with Okta Aerial
May 1, 2026
Okta Identity Engine
Okta Aerial
Overview
While attempting to log in to a child org via Okta Aerial, the following error is encountered.
400 Bad Request. Your request resulted in an error. User canceled the social login request.
Upon reviewing the System Logs, an error stating access_denied_by_aerial is observed.
The Aerial Member Role Early Access Feature is also enabled.
Applies To
- Okta Aerial
- Okta Identity Engine (OIE)
Cause
The user who is attempting to log in with Okta Aerial has the Aerial Member administrator role, but this role is assigned via a group. At this time, the Aerial Member administrator role must be assigned individually; otherwise, this error will occur.
Solution
To resolve this error, please assign the Aerial Member role directly to the impacted user. Then, try requesting access and logging in to the Aerial child org again.
