"Unable to Sign In" Error Instead of Self-Service Unlock When Show Lockout Failures Is Enabled in Okta
Overview
The Show Lockout Failures setting in Okta Identity Engine (OIE) fails to trigger the self-service unlock flow when the User enumeration prevention feature is enabled. Disabling this feature resolves the issue and allows the unlock flow to proceed. When this issue occurs, the user receives the following error message:
Unable to sign in
Applies To
- Okta Identity Engine (OIE)
- Password Policy
- Self-Service Unlock
Cause
The Show Lockout Failures setting has limited relevance because OIE flows automatically initiate the self-service unlock flow when appropriate. However, the User enumeration prevention feature blocks the self-service unlock flow from initiating, so the system displays the error message instead.
Solution
How does an administrator resolve the self-service unlock issue?
To resolve this issue and allow the self-service unlock flow to initiate, disable the User enumeration prevention feature. Perform the following steps to modify the setting:
- Choose Security > General.
- Clear the User enumeration prevention setting.
- Save the changes.
