<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta Login via Delegated Authentication fails with ErrorCode 1329 due to Active Directory LogonWorkstations Restrictions
Oct 7, 2025
Directories
Overview

Users are unable to authenticate to Okta using Delegated Authentication with Active Directory, and the following error is displayed in System Log:

Authenticated user with AD agent FAILURE: Login Failed

System log 

The error code in the System Log entry is 1329. This Microsoft error code states:

This user isn't allowed to sign in to this computer.

Delegated Authentication ErrorCode 1329
 

Applies To
  • Active Directory (AD)
  • Delegated Authentication
Cause
The user's Active Directory account has been restricted to logon to specific workstations and this list does not include at least one of the Okta AD Agent servers.
Solution

Add all Okta AD Agent server hostnames to the Log On To list or to the LogonWorkstations attribute in AD.

  1. Open Active Directory Users and Computers.
  2. Find the affected user account and open its properties.
  3. Go to the Account tab, click Log On To, and ensure the Okta AD Agent servers are listed or All Computers is selected.
Active Directory Log On To


Related References

Recommended content

Still looking for help?
Loading
Okta Login via Delegated Authentication fails with ErrorCode 1329 due to Active Directory LogonWorkstations Restrictions