
ShawnD.10919 (Customer) asked a question.
Our Certificate expired on our Okta domain brand:
[redacted by moderator]
When anyone goes to log in, they get this message:
Sign In Denied
You do not have permission to access your account at this time. If you're wondering why this is happening, please contact your administrator.
The problem is I am the administrator. I have also tried a couple of other admin accounts. It appears if a cert expires, it won't let you log in at all to update it?
Where I go to: [redacted by moderator] I just get the login failed loop.
There has to be some workaround or alternate way of logging into the admin panel.

So I think I might have been able to update the certificate via the API, but I am still not able to log in via the admin screen. Does the domain / brand get blacklisted in Okta somehow if the cert expires? Is there anything I can do to fix this?
Note that users in my app can now log in as usual and expected, but when I try to log in to Okta as an admin I still get the:
"You do not have permission to access your account at this time. If you're wondering why this is happening, please contact your administrator." message.

Hi @ShawnD.10919 (Customer), thank you for reaching out to the Okta Community!
The error points towards an authentication policy which may or may not be misconfigured.
In alignment with the Okta Secure Identity Commitment, Okta is requiring customers to use multifactor authentication (MFA) to access their Okta Admin Console. MFA is an effective tool to protect against identity attacks.
We are in the process of rolling this out and you should expect that this will be completed in Q4.
The MFA will be required on all orgs and no admins will be exempt.
We recommend reviewing the Frequently Asked Questions article on this subject.
If you have a production account with us, please leverage it to open a case via the support.okta.com site or call the support line (Customer Support Account ID number required) so our colleagues can investigate and confirm if the issue is related.
If for whatever reason those options are not available for you, please contact your Okta Account Executive or Customer Success Manager, and they will be able to engage the Support team on your behalf.
If no paid developer or production account is available, the only option left is to sign up for a new free trial or developer account and leverage those for testing.
Beyond that, engaging our Okta Sales team to report this would be the only option as it is unfortunately completely outside of the Okta Community Team's scope.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!