Okta Classic Engine | Multi-Factor Authentication | Answered | 2026-02-09T22:28:18.000Z | 2026-02-10T18:45:09.000Z

VictorK.52186 (Customer) asked a question.

A user got his phone stolen so I blocked his access; now I'm not able to give him access back

When the incident happened, I disabled his account on AD, and blocked his access to 365 on the 365 Admin Console. In Okta, I deactivated his account and reset authenticators. He was showing Deactivated in the People page. Now he has a new phone and I need to give him access again.

 

On AD I Enabled the account and forced Sync to 365. His "access blocked" in 365 is gone and now it looks normal. When he tried to log in on office.com he saw "user is not assigned to this application". I realized that his assignment was gone, so I gave him individual access. On the People page I was seeing "Pending user action". I asked him to try again, he saw "you do not have permission to perform the requested action". I was still seeing "pending user action", so I tried different things - I suspended him, activated him, I saw a "reset password and activate" and I chose that, although we don't change our passwords in Okta; our passwords are managed in AD. Now in the people page I see "password expired". I don't know what to do at this point.

 

Thanks


  • Paul S. (Okta, Inc.)

    Hello @VictorK.52186 (Customer), thank you for posting on our Community page!

     

    It seems like the user account is not properly synced with AD; maybe when the account was reactivated it was somehow disconnected from AD. Have you tried a full import from AD to Okta?

    If the account is not properly linked that should fix it.

    If it does not, is it possible to remove the user from Okta and re-import him from AD?

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Selected as Best
  • VictorK.52186 (Customer)

    Thanks! That took care of almost everything. The user is able to use everything on his phone, and almost everything on his laptop. Outlook fails though.

     

    Here is the crazy thing - I tried creating a new Outlook profile (after some error message mentioning the profile), I tried New and Classic, I tried repairing, new install of Office... nothing works, Outlook fails to start. So I tried Outlook online and it fails as well! Error message below. But he is still able to send and receive from his phone, which makes no sense to me.

     

    UTC Date: 2026-02-10T17:07:46.630Z

    Client Id: 3C84D6F367EE42DC8CB4C7279A8218FA

    Session Id: a36ef4d9-37e8-4480-bbf1-90b2dd27a2fb

    Client Version: 20260130003.05

    BootResult: fail

    Back Filled Errors: None

    err: Error: 440

    esrc: StartupData

    et: ServerError

    estack: Error: 440

      at Object.w [as createStatusErrorMessage] (https://res.public.onecdn.static.microsoft/owamail/hashed-v1/singleCss/scripts/owa.mailindex.526cf309.js:2:8809)

      at https://res.public.onecdn.static.microsoft/owamail/hashed-v1/singleCss/scripts/owa.mailindex.526cf309.js:2:41447

    st: 440

    efe: SA9PR13CA0169

    • Paul S. (Okta, Inc.)

      Hello @VictorK.52186 (Customer), from the Community side we do not have access to troubleshoot this. I would recommend opening a Case with Support, as they have access to additional tools to provide further assistance with this issue.

       

      Thank you for reaching out to our Community and have a great day!

      --

      Help others in the community by liking or hitting Select as Best if this response helped you.

      • VictorK.52186 (Customer)

        Actually, never mind! I had forgotten to re-enable the mail apps in Account -> Mail. All is good. Thanks for your help! Your first reply was the fix.
