If two users have the same short username but different email addresses, for example okta.user@okta.com and okta.user@gmail.com, an attempt to log in as okta.user without the email part results in "Unable to sign in", and the following error is shown in the Okta System Log:
- Okta Classic Engine:
User login to Okta FAILURE: NOT_SPECIFIED
- Okta Identity Engine:
User login to Okta FAILURE: VERIFICATION ERROR
- User Profile
Okta cannot identify which user is trying to log in since the same username is shared.
- In Classic Engine, if both users are active, then the following error will be shown in the Okta System Log:
User login to Okta FAILURE: NOT_SPECIFIED
The following query shows this event:
eventType eq "user.session.start" and outcome.result eq "FAILURE" and outcome.reason eq "NOT_SPECIFIED"
- In Okta Identity Engine, if both users are active, then the following error will be shown in the Okta System Log:
User login to Okta FAILURE: VERIFICATION ERROR
The following query shows this event:
eventType eq "user.session.start" and outcome.reason eq "VERIFICATION_ERROR"
Expanding the event in the System Log shows that the Display name and ID are unknown.
- In Okta Classic Engine, if one of the users is deactivated, login flows that use okta.user without the email will be successful.
- In Okta Identity Engine, even if one of the users is deactivated, login flows that use okta.user without the email will result in failure.
Users must use their full username (for example, okta.user@email.com) to be able to log in.
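The following Python sketch is an added example, not Okta code. It scans a user export for short usernames shared by more than one account and predicts the outcome of a short-name login in each engine, following the rules above. The sample users and function names are constructed. Treating every status other than DEPROVISIONED as active, matching short names case-insensitively, and applying the two-account rules to larger groups are assumptions.

```python
from collections import defaultdict

# Constructed sample of a user export as (login, status); not real accounts.
SAMPLE_USERS = [
    ("okta.user@okta.com", "ACTIVE"),
    ("okta.user@gmail.com", "ACTIVE"),
    ("jane.doe@okta.com", "ACTIVE"),
    ("jane.doe@gmail.com", "DEPROVISIONED"),
    ("solo.user@okta.com", "ACTIVE"),
]

def find_collisions(users):
    """Group accounts by the part of the login before '@'; keep shared names."""
    groups = defaultdict(list)
    for login, status in users:
        # Lower-casing assumes short names are matched case-insensitively.
        groups[login.split("@", 1)[0].lower()].append((login, status))
    return {name: accts for name, accts in groups.items() if len(accts) > 1}

def short_login_outcome(accounts, engine):
    """Predict (result, reason) for a sign-in with the short name only.

    engine is "classic" or "oie". Assumptions: every status other than
    DEPROVISIONED counts as active, and groups of more than two accounts
    behave like the two-account case in the article. reason is None where
    the article does not state one.
    """
    active = sum(1 for _, status in accounts if status != "DEPROVISIONED")
    if active >= 2:
        reason = "NOT_SPECIFIED" if engine == "classic" else "VERIFICATION_ERROR"
        return ("FAILURE", reason)
    if active == 1:
        # Classic sign-in succeeds; Identity Engine still fails.
        return ("SUCCESS", None) if engine == "classic" else ("FAILURE", None)
    return ("UNKNOWN", None)  # no active account: not covered by the article

def report(users):
    """Return [(short name, classic outcome, oie outcome)] for each collision."""
    return [
        (name, short_login_outcome(accts, "classic"), short_login_outcome(accts, "oie"))
        for name, accts in sorted(find_collisions(users).items())
    ]

if __name__ == "__main__":
    for name, classic, oie in report(SAMPLE_USERS):
        print(f"{name}: classic={classic} oie={oie}")
```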
