NamanS.35224 (Customer) asked a question.
We are currently locked out of our Okta tenant due to a misconfiguration in the Certificate-Based Authentication (CBA) policy.
Issue Summary:
We recently applied a Certificate-Based Authentication (CBA) policy, but it was incorrectly configured to apply to all users. As a result, no users (including Admins) are able to log in to the Okta Admin Console or End-User Dashboard. We do not have any alternate authenticator or break-glass accounts excluded from this policy.
We urgently request the following:
1. Temporarily disable the CBA authentication policy or rule that is enforcing the certificate requirement.
2. Enable access to at least one Super Admin account using password + existing MFA (Okta Verify or TOTP).
3. Provide any alternate recovery options that may help restore admin access.
This issue is blocking all administrative operations and user access, so we would greatly appreciate your prompt assistance
For raising case it is asking to login through Okta identity engine workforce but eanble to do as on login it prompting CBA
Hi @NamanS.35224 (Customer) , Thank you for reaching out to the Okta Community!
If you have an account with us and are a SuperAdmin/Case Admin please call the support line (800) 219-0964 (Customer Support Account ID number required) to discuss the matter with the Support Team. They'll be able to access additional tools and resources to help resolve the issue.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.