<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta Single Logout (SLO) Fails Due to Expired Okta Session
Jul 29, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article explains a Single Logout (SLO) failure that can occur when an application's session is longer than the Okta session. When the application sends an SLO request upon its own session timeout, Okta does not process it because the corresponding Okta session has already expired. This leaves the user improperly logged out from the broader session context.

Applies To
  • Single Logout (SLO)
  • Security Assertion Markup Language (SAML)
Cause

The Single Logout (SLO) process fails because the Okta session expires independently and earlier than the application's session. When the application sends the SLO request, there is no active Okta session to receive and process it, preventing the logout from completing successfully.

Solution

To resolve this behavior, a specific feature must be enabled for the organization. Contact Okta Support and reference this article to have the feature enabled.

Recommended content

Still looking for help?
Loading
Okta Single Logout (SLO) Fails Due to Expired Okta Session