When trying to request credentials for an Okta Service Account, the following error is displayed:

Error requesting access: Error creating access request

An HTTP Archive (HAR) trace in Developer Tools results in a 400 Bad Request response.

• Okta Privileged Access (OPA)
• Okta Classic Engine
• Okta Identity Engine (OIE)
• Access Requests
• Approval

The issue is caused when the user making the request is not part of the assigned pushed group selected in the Access Request Audience configuration.

To resolve this issue, change the audience restriction to Everyone at <OPA Team Name> or assign the user to the assigned Pushed Group in Okta admin.

Change the audience restriction by following the steps below:

1. Navigate to the Okta Access Requests application in Okta.
2. Go to the Requests section and choose Privileged Access, then select the Privileged Access Request that was configured for the OPA Team.
3. Click the 3 dots in the upper-right corner of the Access Request tile.
4. Select the pencil icon in the upper left near the name of the Access Request being edited. 
5. Select the Audience drop-down, change it to Everyone at <OPA Team Name>, then click Continue after making the change.

6. Select Update in the upper right to commit the changes.

To assign the missing user to the Okta Pushed Group, follow these steps:

1. In the Okta Admin Console, navigate to Directory > Groups.
2. Select the Group where the missing user needs to be added.
3. Select Assign people.
4. Assign the user to the group by clicking the + icon on the right.

Related References

• Okta Privileged Access with Access Requests
• Manually assign people to a group