vzcgx (vzcgx) asked a question.
Unable to Sign in after Enabling User Account
We've started noticing this issue where the after reenabling a user account, you are then place in this constant loop trying to sign in. This happens on all user profiles, all browsers and application integrated with Okta. I am also attaching a picture of what is happening.
Pulled some activity logs from Chrome
E0000004: Authentication exception
HTTP Status: 401 Unauthorized
Authentication failed
Hide Example Error Response
HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"errorCode": "E0000004",
"errorSummary": "Authentication failed",
"errorLink": E0000004,
"errorId": "samplebhyiH5n_XBxO_u9wnQb",
"errorCauses": []
}
Image is not available
Hello @vzcgx (vzcgx)
Thanks for posting.
The HTTP Error Code 401 and "Authentication failed" message will always be returned for requests with invalid credentials, locked out accounts or access denied by a sign-on policy. This is expected, and is in place for security reasons. There is not an option today to modify the error code and present what is incorrect as this is made to stop brute force attempts. Okta will provide the least amount of information as possible for authentication failures, so that if someone is trying to hack into user account, they should not get much information as why authentication is failing or they should not know what state user is in.
An activation email is sent to the user informing them that their account is active after you reactivate the account. You can edit the content of these emails on the customize email page.
A blue check mark on the Set Password and Activate button indicates Set by admin option was selected when the user was added.
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.
Thanks Daniela, I appreciate your assistance. Though I posted that error what I am more concerned about is the actual behavior. This account is managed within Active Directory, so even after confirming that the user account is Active, password is working as expected "On another workstation", MFA on the account has been removed, the user on his end gets this constant loop stating "unable to sign in" under it. Again we have already confirmed at this point that the user's account is working on another workstation. The workstation that is giving the above "unable to sign in" error does not allow the user to go any further even after clearing all cache and testing on 3 different browsers. We've even gone as far as to recreate the users profile on that machine but still get the "unable to sign in" with a spinning wheel above it. This problem workstation is a domain workstation if this helps.
I am having the same issues with one AD mastered account.. Where you able to find a solution?
Unfortunately not, the only two options that I saw that worked was to remove the workstation from the domain and or reimage. It's an annoying issue.
Also seeing this issue where users are not able to login, although okta logs show that they successfully logged it. We tried logging in from our end using "different computer"/"another workstation" and it worked. But our end user doesn't have "another workstation" to work with.
Could you elaborate on the "remove the workstation from the domain" part, is there a way to do so from okta admin dashboard? Thanks!