Delegated Authentication failures occur when an Active Directory (AD) account has workstation logon restrictions that exclude the Okta AD Agent servers. Adding the Okta AD Agent server hostnames to the allowed workstations list in Active Directory resolves this issue. When this restriction exists, users fail to authenticate to Okta using Delegated Authentication, and Okta generates the following error in the System Log:
Authenticated user with AD agent FAILURE: Login Failed
The System Log entry includes error code 1329, which corresponds to the following Microsoft error message:
This user isn't allowed to sign in to this computer.
Applies to:
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Active Directory (AD)
- Delegated Authentication
The user's Active Directory account is restricted to log on to specific workstations, and this list does not include at least one of the Okta AD Agent servers.
What steps resolve the 1329 error during Okta login?
Add all Okta AD Agent server hostnames to the allowed workstations list in Active Directory by modifying the account properties.
- Open Active Directory Users and Computers.
- Find the affected user account and open the account properties.
- Go to the Account tab, select Log On To, and add the Okta AD Agent servers to the list or select All Computers.
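The Log On To list in the GUI is the userWorkstations attribute on the user object, which the ActiveDirectory PowerShell module exposes as LogonWorkstations: a comma-separated list of computer names, empty when the account may log on anywhere. Because the Okta AD Agent validates the user's password from the agent host, every agent host's computer name must be in that list when it is populated. The following is an added example, not code from the Okta article: it audits which agent hosts are missing from an account's list and adds them, which keeps the existing restriction in place rather than widening it to All Computers. It assumes the RSAT ActiveDirectory module and rights to modify the account; the agent hostnames are constructed placeholders.

```powershell
# Added example (not from the Okta article). Assumes the ActiveDirectory module
# (RSAT) is installed and the caller may modify the target account.
Import-Module ActiveDirectory

# Computer names of every Okta AD Agent server in this domain.
# These are constructed placeholders; replace them with your agent hosts.
$OktaAgentHosts = @('OKTA-AGENT01', 'OKTA-AGENT02')

function Get-LogonWorkstationList {
    # Returns the account's allowed-workstation list as an array of names.
    # An empty array means no restriction (the "All computers" setting).
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties LogonWorkstations
    if ([string]::IsNullOrWhiteSpace($user.LogonWorkstations)) { return ,@() }

    $names = $user.LogonWorkstations -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
    return ,@($names)
}

function Test-OktaAgentLogonAccess {
    # Reports whether the account is restricted and which agent hosts are absent.
    # A non-empty MissingAgents list is the condition behind error 1329.
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string[]]$AgentHosts = $OktaAgentHosts
    )

    $allowed = @(Get-LogonWorkstationList -SamAccountName $SamAccountName)
    if ($allowed.Count -eq 0) {
        return [pscustomobject]@{
            SamAccountName = $SamAccountName; Restricted = $false; MissingAgents = @()
        }
    }

    # -notcontains is case-insensitive, matching how computer names are compared.
    $missing = @($AgentHosts | Where-Object { $allowed -notcontains $_ })
    return [pscustomobject]@{
        SamAccountName = $SamAccountName; Restricted = $true; MissingAgents = $missing
    }
}

function Add-OktaAgentsToLogonWorkstations {
    # Appends any missing agent hosts to the existing list without removing
    # the workstations already allowed. Supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string[]]$AgentHosts = $OktaAgentHosts
    )

    $state = Test-OktaAgentLogonAccess -SamAccountName $SamAccountName -AgentHosts $AgentHosts
    if (-not $state.Restricted) {
        Write-Verbose "$SamAccountName has no workstation restriction; nothing to add."
        return
    }
    if ($state.MissingAgents.Count -eq 0) {
        Write-Verbose "$SamAccountName already allows every Okta AD Agent host."
        return
    }

    $current = @(Get-LogonWorkstationList -SamAccountName $SamAccountName)
    $updated = @($current + $state.MissingAgents | Select-Object -Unique)

    if ($PSCmdlet.ShouldProcess($SamAccountName, "Set LogonWorkstations to '$($updated -join ',')'")) {
        Set-ADUser -Identity $SamAccountName -LogonWorkstations ($updated -join ',')
    }
}

# Usage: audit first, then apply.
#   Test-OktaAgentLogonAccess -SamAccountName 'jdoe'
#   Add-OktaAgentsToLogonWorkstations -SamAccountName 'jdoe' -WhatIf
#   Add-OktaAgentsToLogonWorkstations -SamAccountName 'jdoe'
```

If the intent is the article's alternative, selecting All Computers, clearing the attribute achieves the same result: `Set-ADUser -Identity 'jdoe' -Clear userWorkstations`. That removes the logon restriction entirely, so adding only the agent hosts is the narrower change when the restriction is there for a reason. Running `Test-OktaAgentLogonAccess` over the accounts that appear with the "Authenticated user with AD agent FAILURE: Login Failed" entry in the System Log also confirms that this restriction, and not another cause, is behind the failures before anything is changed.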
