<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5WR00001W35mf0ABOkta Classic EngineMulti-Factor AuthenticationAnswered2026-04-13T12:18:24.000Z2026-04-07T12:57:46.000Z2026-04-13T12:18:24.000Z

MaxH.79374 (Customer) asked a question.

April 7, 2026 at 12:57 PM
Being redirected to the Admin Console

Attempting to access the following:

My Settings (/enduser/settings)

Okta End-User dashboard (/app/UserHome)

Results in a new request to verify using Okta Verify. After I do this, I am redirected back to /admin/home. Attempting to navigate again will skip the verify request, but I am still redirected back to /admin/home. After a short period of time (probably less than a minute) attempting to navigate again results in a new request to verify using Okta Verify.

 

After some experimentation, I found navigating to "My end user dashboard" from the admin page (/app/UserHome?fromAdmin=true) does work.

 

What is happening here?

  • 2 answers
  • 37 views

  • paul.stiniguta (Okta, Inc.)

    Hello @MaxH.79374 (Customer)​ Thank you for posting on our Community page!

     

    You have discovered a classic quirk of Okta's routing engine! What you are experiencing is a collision between Admin Session Policies and Default Administrator Routing.

    Because your account has administrative privileges, Okta treats your session much differently than a standard end-user session. Here is exactly what is happening behind the scenes:

    1. The Constant Okta Verify Prompts (Admin Policy)

    Even though you are trying to access the End-User Dashboard, Okta recognizes your account as an Administrator. Admins are governed by the Okta Admin Console sign-on policy, which is typically configured to be highly restrictive. It often requires step-up MFA (Okta Verify) and has very aggressive idle timeouts (often set to just a few minutes, which explains why you get prompted again so quickly).

    2. The Redirect to/admin/home (Lost Context). When you hit /enduser/settings or /app/UserHome directly, Okta pauses your request to enforce that strict Admin policy and prompts you for Okta Verify.

    However, once you successfully authenticate, Okta's default routing behavior for administrators kicks in. Okta assumes an Admin completing an MFA challenge wants to do administrative work, so it drops your original destination (/enduser/settings) and forcefully routes you to /admin/home.

    If you try the URL again immediately, you don't get the MFA prompt (because your admin session is active for that brief window), but Okta’s routing engine still sees an Admin navigating to a root-level app and redirects you back to the Admin Console.

    3. Why ?fromAdmin=true Works

    The ?fromAdmin=true query parameter is an explicit override built into Okta.

    When you click "My end user dashboard" from the Admin UI, Okta appends this parameter to the URL. It explicitly tells the Okta routing engine: "This user is already an Admin, but they are intentionally stepping down into the End-User context. Suspend the automatic Admin Console redirect."

    How to manage this:

    • The Best Practice: Always navigate to your settings using the "My end user dashboard" link in the top-right corner of the Admin Console, rather than bookmarking or typing the direct /enduser/settings URL.
    • Review Admin Policies: If the Okta Verify prompt happening in less than a minute is too disruptive, another Super Admin can check the Okta Admin Console app sign-on policy (under Security > Authentication Policies) to see if the session lifetime or "prompt for factor" frequency is set a little too aggressively for your org's needs.

     

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • paul.stiniguta (Okta, Inc.)

    Hello @MaxH.79374 (Customer)​ Thank you for posting on our Community page!

     

    You have discovered a classic quirk of Okta's routing engine! What you are experiencing is a collision between Admin Session Policies and Default Administrator Routing.

    Because your account has administrative privileges, Okta treats your session much differently than a standard end-user session. Here is exactly what is happening behind the scenes:

    1. The Constant Okta Verify Prompts (Admin Policy)

    Even though you are trying to access the End-User Dashboard, Okta recognizes your account as an Administrator. Admins are governed by the Okta Admin Console sign-on policy, which is typically configured to be highly restrictive. It often requires step-up MFA (Okta Verify) and has very aggressive idle timeouts (often set to just a few minutes, which explains why you get prompted again so quickly).

    2. The Redirect to/admin/home (Lost Context). When you hit /enduser/settings or /app/UserHome directly, Okta pauses your request to enforce that strict Admin policy and prompts you for Okta Verify.

    However, once you successfully authenticate, Okta's default routing behavior for administrators kicks in. Okta assumes an Admin completing an MFA challenge wants to do administrative work, so it drops your original destination (/enduser/settings) and forcefully routes you to /admin/home.

    If you try the URL again immediately, you don't get the MFA prompt (because your admin session is active for that brief window), but Okta’s routing engine still sees an Admin navigating to a root-level app and redirects you back to the Admin Console.

    3. Why ?fromAdmin=true Works

    The ?fromAdmin=true query parameter is an explicit override built into Okta.

    When you click "My end user dashboard" from the Admin UI, Okta appends this parameter to the URL. It explicitly tells the Okta routing engine: "This user is already an Admin, but they are intentionally stepping down into the End-User context. Suspend the automatic Admin Console redirect."

    How to manage this:

    • The Best Practice: Always navigate to your settings using the "My end user dashboard" link in the top-right corner of the Admin Console, rather than bookmarking or typing the direct /enduser/settings URL.
    • Review Admin Policies: If the Okta Verify prompt happening in less than a minute is too disruptive, another Super Admin can check the Okta Admin Console app sign-on policy (under Security > Authentication Policies) to see if the session lifetime or "prompt for factor" frequency is set a little too aggressively for your org's needs.

     

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • MaxH.79374 (Customer)

    Thank you for giving such a detailed response, it is genuinely so helpful to be told not just how to manage the issue but also why it's occurring.

Loading
Being redirected to the Admin Console