A Token Expired error occurs when end users accept activation emails because an email provider or third-party tool scans the link before use. Resolve this issue by disabling the anti-phishing filter or third-party scanning tool.

End users receive the following error message when attempting to accept an activation email from an Okta tenant:

Token Expired

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Activation Email
• Token

This issue occurs when the user's email provider uses an anti-phishing filtering system that checks links received via email in the backend for malicious content. This action invalidates the activation token because the token is for one-time use only.

Third-party tools that access or scan the activation link before the end user clicks the link also cause this issue.

How is the expired token error resolved?

Prevent email providers and third-party tools from accessing the activation link before the end user clicks it by adjusting the email provider settings and disabling third-party tools.

• Request that the email provider disable the anti-phishing filtering system so the activation link remains unaccessed before the end user clicks it.
• Disable all third-party tools that access or scan the link.