JeffG.56615 (Customer) asked a question.
User can log into hub to Okta home page but is locked out at the spoke
Hi,
We have an Okta Identity Engine instance in a hub and spoke configuration. Recently we had a user who was locked out at the spoke level because they had mis typed their password too many times. This part is very understandable. However, the same user was able to log into the hub and go to their Okta home page.
Is it a common thing for the user to get locked out at the spoke but still be able to access the hub? Our experience has primarily been that when the user account is locked, the user can't access either hub or spoke.
Thanks,
Hello @JeffG.56615 (Customer) Thank you for posting on our Community page!
It depends if the user is Mastered by the Spoke org or not. If the user is mastered by the Spoke then the fact that he is locked out in one Org will block access to the other Org as well. If the user is a normal Okta user in both Orgs then they will be able to login in one Org even if they are locked out in the other Org.
Thank you for reaching out to our Community and have a great day!
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Join the discussion for our Ask Me Anything on September 29, 2025: Device Assurance. Ask our expert questions.