On this page
Okta error codes and descriptions
This document contains a complete list of all errors that the Okta API returns.
All errors contain the follow fields:
Property | Description |
---|---|
errorCode | An Okta code for this type of error |
errorSummary | A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error. |
errorLink | An Okta code for this type of error |
errorId | A unique identifier for this error. This can be used by Okta Support to help with troubleshooting. |
errorCauses | (Optional) Further information about what caused this error |
E0000001: API validation exception
400 Bad Request
API validation failed for the current request. This is a fairly general error that signifies that endpoint's precondition has been violated. Such preconditions are endpoint specific. Users are encouraged to navigate to the documentation for the endpoint and read through the "Response Parameter" section. For example, the documentation for "Suspend User" indicates that suspending a user who is not active will result in the `E0000001` error code.
Show Example Error Response
E0000002: Illegal API argument exception
400 Bad Request
The request was not valid: {0}
Show Example Error Response
E0000003: Reader exception
400 Bad Request
The request body was not well-formed.
Show Example Error Response
E0000004: Authentication exception
401 Unauthorized
Authentication failed
Show Example Error Response
E0000005: Invalid session exception
403 Forbidden
Invalid session
Show Example Error Response
E0000006: Access denied exception
403 Forbidden
You do not have permission to perform the requested action
Show Example Error Response
E0000007: Resource not found exception
404 Not Found
Not found: {0}
Show Example Error Response
E0000008: Not found exception
404 Not Found
The requested path was not found
Show Example Error Response
E0000009: Internal server error
500 Internal Server Error
Internal Server Error
Show Example Error Response
E0000010: Read only database exception
503 Service Unavailable
Service is in read only mode
Show Example Error Response
E0000011: Invalid token exception
401 Unauthorized
Invalid token provided
Show Example Error Response
E0000012: Unsupported media type
404 Not Found
Unsupported media type
Show Example Error Response
E0000013: Invalid client app exception
403 Forbidden
Invalid client app id
Show Example Error Response
E0000014: Update credentials failed exception
403 Forbidden
Update of credentials failed
Show Example Error Response
E0000015: Feature not enabled exception
401 Unauthorized
You do not have permission to access the feature you are requesting
Show Example Error Response
E0000016: Activate user failed exception
403 Forbidden
Activation failed because the user is already active
Show Example Error Response
E0000017: Reset password failed exception
403 Forbidden
Password reset failed
Show Example Error Response
E0000018: Servlet request binding exception
400 Bad Request
Bad request. Accept and/or Content-Type headers are likely not set.
Show Example Error Response
E0000019: HTTP media type not acceptable exception
400 Bad Request
Bad request. Accept and/or Content-Type headers likely do not match supported values.
Show Example Error Response
E0000020: Illegal argument exception
400 Bad Request
Bad request.
Show Example Error Response
E0000021: HTTP media type not supported exception
400 Bad Request
Bad request. Accept and/or Content-Type headers likely do not match supported values.
Show Example Error Response
E0000022: HTTP request method not supported exception
405 Method Not Allowed
The endpoint does not support the provided HTTP method. This is a general error that signifies the API call being made is not allowed based on either a lack of permissions for the sender or an invalid token being sent alongside the call. Check you're sending the correct HTTP Verb and authorization header with the request. Check that API access, user authorization and the feature you want to access have all been enabled for your org. Finally, check if OAuth provider will accept a token generated by Okta as some do not.
Show Example Error Response
E0000023: App user exception
403 Forbidden
Operation failed because user profile is mastered under another system
Show Example Error Response
E0000024: Unsupported app metadata operation exception
400 Bad Request
Bad request. This operation on app metadata is not yet supported.
Show Example Error Response
E0000025: Assign app version failed exception
400 Bad Request
App version assignment failed.
Show Example Error Response
E0000026: API endpoint deprecated exception
404 Not Found
This endpoint has been deprecated.
Show Example Error Response
E0000027: Group push exception
400 Bad Request
Group push bad request : {0}
Show Example Error Response
E0000028: Missing servlet request parameter exception
400 Bad Request
The request is missing a required parameter.
Show Example Error Response
E0000029: Invalid paging exception
400 Bad Request
Invalid paging request.
Show Example Error Response
E0000030: Invalid date exception
400 Bad Request
Bad request. Invalid date. Dates must be of the form yyyy-MM-dd'T'HH:mm:ss.SSSZZ, e.g. 2013-01-01T12:00:00.000-07:00.
Show Example Error Response
E0000031: Invalid search criteria exception
400 Bad Request
Invalid search criteria.
Show Example Error Response
E0000032: Unlock forbidden exception
403 Forbidden
Unlock is not allowed for this user.
Show Example Error Response
E0000033: Search request exception
400 Bad Request
Bad request. Can't specify a search query and filter in the same request.
Show Example Error Response
E0000034: Forgot password not allowed exception
403 Forbidden
Forgot password not allowed on specified user.
Show Example Error Response
E0000035: Change password not allowed exception
403 Forbidden
Change password not allowed on specified user.
Show Example Error Response
E0000036: Change recovery question not allowed exception
403 Forbidden
Change recovery question not allowed on specified user.
Show Example Error Response
E0000037: Type mismatch exception
400 Bad Request
Type mismatch exception. {0}
Show Example Error Response
E0000038: User operation forbidden exception
403 Forbidden
This operation is not allowed in the user's current status.
Show Example Error Response
E0000039: Change app instance failed exception
403 Forbidden
Operation on application settings failed.
Show Example Error Response
E0000040: Duplicate instance label exception
400 Bad Request
Application label must not be the same as an existing application label.
Show Example Error Response
E0000041: Password option argument exception
400 Bad Request
Credentials should not be set on this resource based on the scheme.
Show Example Error Response
E0000042: Set redirect url failed exception
403 Forbidden
Setting the error page redirect URL failed.
Show Example Error Response
E0000043: Self assign org apps not enabled exception
403 Forbidden
Self service application assignment is not enabled.
Show Example Error Response
E0000044: Self assign not supported exception
403 Forbidden
Self service application assignment is not supported.
Show Example Error Response
E0000045: Field mapping API exception
400 Bad Request
Field mapping bad request.
Show Example Error Response
E0000046: Deactivate app user forbidden exception
403 Forbidden
Deactivate application for user forbidden.
Show Example Error Response
E0000047: Too many requests exception
429 Too Many Requests
API call exceeded rate limit due to too many requests.
Show Example Error Response
E0000048: OPP entity not found exception
404 Not Found
Entity not found exception.
Show Example Error Response
E0000049: OPP invalid SCIM data from SCIM implementation exception
500 Internal Server Error
Invalid SCIM data from SCIM implementation.
Show Example Error Response
E0000050: OPP invalid SCIM data from client exception
400 Bad Request
Invalid SCIM data from client.
Show Example Error Response
E0000051: OPP no response from SCIM implementation exception
500 Internal Server Error
No response from SCIM implementation.
Show Example Error Response
E0000052: OPP endpoint not implemented exception
501 Not Implemented
Endpoint not implemented.
Show Example Error Response
E0000053: OPP invalid SCIM filter
400 Bad Request
Invalid SCIM filter.
Show Example Error Response
E0000054: OPP invalid pagination properties
400 Bad Request
Invalid pagination properties.
Show Example Error Response
E0000055: OPP duplicate group
409 Conflict
Duplicate group.
Show Example Error Response
E0000056: Delete app instance forbidden exception
403 Forbidden
Delete application forbidden.
Show Example Error Response
E0000057: Policy deny exception
403 Forbidden
Access to this application is denied due to a policy.
Show Example Error Response
E0000058: Policy factor required exception
403 Forbidden
Access to this application requires MFA: {0}
Show Example Error Response
E0000059: OPP connector settings test failure
400 Bad Request
The connector configuration could not be tested. Make sure that the URL, Authentication Parameters are correct and that there is an implementation available at the URL provided.
Show Example Error Response
E0000060: Unsupported operation
501 Not Implemented
Unsupported operation.
Show Example Error Response
E0000061: Tab exception
403 Forbidden
Tab error: {0}
Show Example Error Response
E0000062: Duplicate app assignment
409 Conflict
The specified user is already assigned to the application.
Show Example Error Response
E0000063: Invalid parameter combination exception
400 Bad Request
Invalid combination of parameters specified.
Show Example Error Response
E0000064: Password expired exception
401 Unauthorized
Password is expired and must be changed.
Show Example Error Response
E0000065: App metadata internal server exception
500 Internal Server Error
Internal error processing app metadata.
Show Example Error Response
E0000066: Mim apns not configured exception
400 Bad Request
APNS is not configured, contact your admin
Show Example Error Response
E0000067: Factor service timeout exception
504 Gateway Timeout
Factors Service Error.
Show Example Error Response
E0000068: Factor invalid code exception
403 Forbidden
Invalid Passcode/Answer
Show Example Error Response
E0000069: Factor user locked exception
403 Forbidden
User Locked
Show Example Error Response
E0000070: Factor waiting for ack exception
202 Accepted
Waiting for ACK
Show Example Error Response
E0000071: Mim unsupported version exception
400 Bad Request
Unsupported OS Version: {0}
Show Example Error Response
E0000072: Mim enrollment disallowed exception
403 Forbidden
MIM policy settings have disallowed enrollment for this user
Show Example Error Response
E0000073: Factor user rejected code exception
403 Forbidden
User rejected authentication
Show Example Error Response
E0000074: Factor service exception
400 Bad Request
Factor Service Error
Show Example Error Response
E0000075: App user profile push constraint exception
403 Forbidden
Cannot modify the {0} attribute because it has a field mapping and profile push is enabled.
Show Example Error Response
E0000076: App user profile mastering constraint exception
405 Method Not Allowed
Cannot modify the app user because it is mastered by an external app.
Show Example Error Response
E0000077: Read only attribute exception
403 Forbidden
Cannot modify the {0} attribute because it is read-only.
Show Example Error Response
E0000078: Immutable attribute exception
403 Forbidden
Cannot modify the {0} attribute because it is immutable.
Show Example Error Response
E0000079: Illegal auth state exception
403 Forbidden
This operation is not allowed in the current authentication state.
Show Example Error Response
E0000080: Password policy violation exception
403 Forbidden
The password does not meet the complexity requirements of the current password policy.
Show Example Error Response
E0000081: System scope attribute exception
403 Forbidden
Cannot modify the {0} attribute because it is a reserved attribute for this application.
Show Example Error Response
E0000082: Factor passcode replayed exception
403 Forbidden
Each code can only be used once. Please wait for a new code and try again.
Show Example Error Response
E0000083: Factor time window exceeded exception
403 Forbidden
PassCode is valid but exceeded time window.
Show Example Error Response
E0000084: App evaluation exception
403 Forbidden
App evaluation error.
Show Example Error Response
E0000085: Sign on denied exception
403 Forbidden
You do not have permission to access your account at this time.
Show Example Error Response
E0000086: Policy activation exception
403 Forbidden
This policy cannot be activated at this time.
Show Example Error Response
E0000087: Invalid recovery answer exception
403 Forbidden
The recovery question answer did not match our records.
Show Example Error Response
E0000088: Org Creator API subdomain already exists exception
400 Bad Request
Org Creator API subdomain validation exception: An object with this field already exists.
Show Example Error Response
E0000089: Org Creator API name validation exception
400 Bad Request
Org Creator API name validation exception.
Show Example Error Response
E0000090: Duplicate role assignment exception
409 Conflict
The role specified is already assigned to the user.
Show Example Error Response
E0000091: Illegal role assignment exception
400 Bad Request
The provided role type was not the same as required role type.
Show Example Error Response
E0000092: Policy allow with conditions exception
403 Forbidden
Access to this application requires re-authentication: {0}
Show Example Error Response
E0000093: Too many target records exception
400 Bad Request
Target count limit exceeded
Show Example Error Response
E0000094: Complex filter exception
400 Bad Request
The provided filter is unsupported.
Show Example Error Response
E0000095: Recovery forbidden for unknown user exception
403 Forbidden
Recovery not allowed for unknown user.
Show Example Error Response
E0000096: Idp certificate conflict exception
409 Conflict
This certificate has already been uploaded with kid={0}.
Show Example Error Response
E0000097: Mobile phone not verified exception
403 Forbidden
There is no verified phone number on file.
Show Example Error Response
E0000098: Phone number parse exception
400 Bad Request
This phone number is invalid.
Show Example Error Response
E0000099: International SMS call not enabled exception
403 Forbidden
Only numbers located in US and Canada are allowed. Contact your administrator if this is a problem.
Show Example Error Response
E0000100: Search not available exception
503 Service Unavailable
Unable to perform search query.
Show Example Error Response
E0000101: Invalid hosted mobile app
400 Bad Request
There was an issue with the app binary file you uploaded. {0}
Show Example Error Response
E0000102: Invalid yubikey state exception
403 Forbidden
YubiKey cannot be deleted while assigned to an user. Please deactivate YubiKey using reset MFA and try again
Show Example Error Response
E0000103: OEM command already queued
403 Forbidden
Action on device already in queue or in progress
Show Example Error Response
E0000104: OEM device already locked
403 Forbidden
Device is already locked and cannot be locked again
Show Example Error Response
E0000105: Invalid or expired recovery token
403 Forbidden
You have accessed an account recovery link that has expired or been previously used.
Show Example Error Response
E0000107: Transition state exception
403 Forbidden
The entity is not in the expected state for the requested transition.
Show Example Error Response
E0000108: OEM generic duplicate resource
409 Conflict
OEM generic duplicate resource.
Show Example Error Response
E0000109: SMS too many requests exception
429 Too Many Requests
An SMS message was recently sent. Please wait 30 seconds before trying again.
Show Example Error Response
E0000110: Invalid or expired transaction token
403 Forbidden
You have accessed a link that has expired or has been previously used.
Show Example Error Response
E0000111: Read only object exception
403 Forbidden
Cannot modify the {0} object because it is read-only.
Show Example Error Response
E0000112: Update activating user exception
409 Conflict
Cannot update this user because they are still being activated. Please try again in a few minutes.
Show Example Error Response
E0000113: Factor additional challenge exception
409 Conflict
{0}.
Show Example Error Response
E0000115: Hosted mobile app service exception
503 Service Unavailable
There was an issue while uploading the app binary file. {0}
Show Example Error Response
E0000116: Hosted mobile app upload exception
400 Bad Request
{0}
Show Example Error Response
E0000117: Inactive user forbidden exception
403 Forbidden
Cannot assign apps or update app profiles for an inactive user.
Show Example Error Response
E0000118: Email too many requests exception
429 Too Many Requests
An email was recently sent. Please wait 5 seconds before trying again.
Show Example Error Response
E0000119: User locked recovery exception
403 Forbidden
Your account is locked. Please contact your administrator.
Show Example Error Response
E0000120: Org Creator API custom domain validation exception
400 Bad Request
The custom domain requested is already in use by another organization.
Show Example Error Response
E0000121: Invalid phone extension
400 Bad Request
Invalid phone extension. Please enter a valid phone extension.
Show Example Error Response
E0000122: Media type not accepted exception
406 Not Acceptable
Accept Header did not contain supported media type 'application/json'
Show Example Error Response
E0000123: Enum mismatch exception
400 Bad Request
Array specified in enum field must match const values specified in oneOf field.
Show Example Error Response
E0000124: Expire on create requires password exception
400 Bad Request
Could not create user. To create a user and expire their password immediately, a password must be specified
Show Example Error Response
E0000125: Expire on create requires activation exception
400 Bad Request
Could not create user. To create a user and expire their password immediately, "activate" must be true
Show Example Error Response
E0000126: Self service not supported exception
400 Bad Request
Self service is not supported with the current settings.
Show Example Error Response
E0000127: Linked object definition exception
409 Conflict
Invalid linked objection definition. {0}
Show Example Error Response
E0000131: Feature validation exception
400 Bad Request
{0}
Show Example Error Response
E0000132: Client registration already active exception
400 Bad Request
The registration is already active for the given user, client and device combination
Show Example Error Response
E0000133: Phone call too many requests exception
429 Too Many Requests
A phone call was recently made. Please wait 30 seconds before trying again.
Show Example Error Response
E0000134: Callback execution exception
502 Bad Gateway
Okta could not communicate correctly with an inline hook.
Show Example Error Response
E0000135: Callback error
400 Bad Request
An inline hook responded with an error.
Show Example Error Response
E0000136: Mobile phone conflict exception
409 Conflict
Mobile phone conflict exception.
Show Example Error Response
E0000137: Callback timeout
504 Gateway Timeout
Okta did not receive a response from an inline hook.
Show Example Error Response
E0000138: Telephony internal error
500 Internal Server Error
There was an internal error with call provider(s).
Show Example Error Response
E0000139: Telephony provider error
503 Service Unavailable
Telephony provider error.
Show Example Error Response
E0000140: Telephony opt out error
400 Bad Request
Telephony opt out error.
Show Example Error Response
E0000141: Feature update error
400 Bad Request
Feature cannot be enabled or disabled due to dependencies/dependents conflicts.
Show Example Error Response
E0000142: Delete user type exception
403 Forbidden
This User Type cannot be deleted.
Show Example Error Response
E0000143: App instance operation not allowed exception
403 Forbidden
App instance operation not allowed.
Show Example Error Response
E0000145: User entity conversion type error
409 Conflict
Some users returned by the search cannot be parsed because the user schema has been changed to be inconsistent with their stale profile data.
Show Example Error Response
E0000146: SMS roadblock exception
429 Too Many Requests
Your organization has reached the limit of sms requests that can be sent within a 24 hour period.
Show Example Error Response
E0000147: Call roadblock exception
429 Too Many Requests
Your organization has reached the limit of call requests that can be sent within a 24 hour period.
Show Example Error Response
E0000148: Policy violation exception
403 Forbidden
Cannot modify/disable this authenticator because it is enabled in one or more policies. {0}
Show Example Error Response
E0000149: HTTP request not acceptable
406 Not Acceptable
The HTTP request is not acceptable.
Show Example Error Response
E0000150: SMS rate limit exception
403 Forbidden
You have reached the limit of sms requests, please try again later.
Show Example Error Response
E0000151: Call rate limit exception
403 Forbidden
You have reached the limit of call requests, please try again later.
Show Example Error Response
E0000152: Illegal device status exception
403 Forbidden
Illegal device status, cannot perform action.
Show Example Error Response
E0000153: Invalid device id exception
410 Gone
Invalid device id, it no longer exists.
Show Example Error Response
E0000154: Invalid factor id exception
410 Gone
Invalid factor id, it is not currently active.
Show Example Error Response
E0000155: User not active exception
423 Locked
User is not currently active.
Show Example Error Response
E0000156: Invalid user id exception
410 Gone
Invalid user id; the user either does not exist or has been deleted.
Show Example Error Response
E0000157: Authenticator already exists exception
409 Conflict
Another authenticator with key: {0} is already active.
Show Example Error Response
E0000158: Non user verification compliance enrollment exception
400 Bad Request
Invalid Enrollment. User verification required.
Show Example Error Response
E0000159: Non fips compliance okta verify enrollment exception
400 Bad Request
Invalid Enrollment. FIPS compliance required.
Show Example Error Response
E0000161: Domain already exists exception
403 Forbidden
Unique domain name required.
Show Example Error Response
E0000162: Domain limit exception
403 Forbidden
Domain count limit reached.
Show Example Error Response
E0000163: Domain not found exception
404 Not Found
Domain ID not found.
Show Example Error Response
E0000165: Domain not verified exception
403 Forbidden
Domain not verified.
Show Example Error Response
E0000166: Captcha limit exception
403 Forbidden
CAPTCHA count limit reached. At most one CAPTCHA instance is allowed per Org. Please remove existing CAPTCHA to create a new one.
Show Example Error Response
E0000167: Deactivate idp in use by authenticator exception
403 Forbidden
{0}
Show Example Error Response
E0000168: Captcha associated with org exception
403 Forbidden
CAPTCHA cannot be removed. This CAPTCHA is associated with org-wide CAPTCHA settings, please unassociate it before removing it.
Show Example Error Response
E0000170: Org Creator API subdomain reserved exception
400 Bad Request
Org Creator API subdomain validation exception: Using a reserved value. Try again with a different value.
Show Example Error Response
E0000171: Org Creator API subdomain locked exception
400 Bad Request
Org Creator API subdomain validation exception: The value is already in use by a different request.
Show Example Error Response
E0000172: Org Creator API subdomain name too long exception
400 Bad Request
Org Creator API subdomain validation exception: The value exceeds the max length.
Show Example Error Response
E0000174: Device condition dependency exception
403 Forbidden
You can’t disable Okta FastPass because it is being used by one or more application sign-on policies. First, go to each policy and remove any device conditions. Then, come back and try again.
Show Example Error Response
E0000176: Log streaming create failed
400 Bad Request
Failed to create LogStreaming event source. {0}
Show Example Error Response
E0000177: Log streaming delete failed
400 Bad Request
Failed to delete LogStreaming event source. {0}
Show Example Error Response
E0000178: Cannot delete realm exception
400 Bad Request
This realm cannot be deleted. {0}
Show Example Error Response
E0000179: Externally sourced attribute exception
400 Bad Request
There is a required attribute that is externally sourced.
Show Example Error Response
E0000180: Suspended factor exception
423 Locked
Factor id is currently not active.
Show Example Error Response
E0000181: Dns challenge not found exception
503 Service Unavailable
Service temporarily unavailable.
Show Example Error Response
E0000182: Email customization default already exists exception
409 Conflict
A default email template customization already exists.
Show Example Error Response
E0000183: Email customization language already exists exception
409 Conflict
An email template customization for that language already exists.
Show Example Error Response
E0000184: Email customization cannot delete default exception
409 Conflict
A default email template customization can't be deleted.
Show Example Error Response
E0000185: Email customization cannot clear default exception
409 Conflict
The isDefault parameter of the default email template customization can't be set to false.
Show Example Error Response
E0000186: SMS free org roadblock exception
429 Too Many Requests
Your free tier organization has reached the limit of sms requests that can be sent within a 30 day period.
Show Example Error Response
E0000187: Push provider dependency exception
409 Conflict
Cannot delete push provider because it is being used by a custom app authenticator.
Show Example Error Response
E0000188: Domain update conflict exception
409 Conflict
Domain update conflict exception.
Show Example Error Response
E0000189: Email template invalid recipients exception
422 Unprocessable Entity
This template does not support the recipients value.
Show Example Error Response
E0000190: Delete ldap interface forbidden exception
403 Forbidden
Delete LDAP interface instance forbidden.
Show Example Error Response
E0000191: Transaction not found exception
404 Not Found
Verification timed out. Please try again.
Show Example Error Response
E0000192: Assign admin privilege to group with rules exception
400 Bad Request
Roles cannot be granted to groups with group membership rules. {0}
Show Example Error Response
E0000193: Group member count exceeds limit exception
400 Bad Request
Roles can only be granted to groups with 5000 or less users. {0}
Show Example Error Response
E0000194: Non applicable group type exception
400 Bad Request
Roles can only be granted to Okta groups, AD groups and LDAP groups. {0}
Show Example Error Response
E0000195: API conflict exception
409 Conflict
Api validation failed due to conflict: {0}
Show Example Error Response
E0000197: Email domain already exists exception
409 Conflict
Unique email domain name required.
Show Example Error Response
E0000198: Email domain not found exception
404 Not Found
Email domain not found.
Show Example Error Response
E0000200: Brand cannot delete default exception
409 Conflict
A default brand cannot be deleted.
Show Example Error Response
E0000201: Brand cannot delete already assigned exception
409 Conflict
A brand associated with a custom domain or email doamin cannot be deleted.
Show Example Error Response
E0000202: Brand name already exist exception
409 Conflict
Brand name already exists.
Show Example Error Response
E0000203: Brand domain mapping failure exception
409 Conflict
Failed to associate this domain with the given brandId.
Show Example Error Response
E0000204: SMS rate limit exception 429
429 Too Many Requests
You have reached the limit of sms requests, please try again later.
Show Example Error Response
E0000205: Call rate limit exception 429
429 Too Many Requests
You have reached the limit of call requests, please try again later.
Show Example Error Response
E0000207: Incorrect username or password exception
401 Unauthorized
The username and/or the password you entered is incorrect. Please try again.
Show Example Error Response
E0000208: Access token bad request exception
400 Bad Request
Failed to get access token. The request was invalid, reason: {0}.
Show Example Error Response
E0000209: Aaguid group violation exception
400 Bad Request
{0} cannot be modified/deleted because it is currently being used in an Enroll Policy. Please make changes to the Enroll Policy before modifying/deleting the group.
Show Example Error Response
E0000211: Built in groups type exception
400 Bad Request
Roles cannot be granted to built-in groups: {0}
Show Example Error Response
E0000212: Invalid origin header exception
403 Forbidden
Origin validation failed.
Show Example Error Response
E0000213: Cannot update page content for default brand exception
403 Forbidden
Cannot update page content for the default brand.
Show Example Error Response
E0000214: User has no enrollments that are ciba enabled
400 Bad Request
User has no custom authenticator enrollments that have CIBA as a transactionType
Show Example Error Response
E0000215: API endpoint no longer available
410 Gone
This endpoint has been deprecated.
Show Example Error Response
E0000217: Email domain invalid status exception
400 Bad Request
Invalid status. Cannot validate email domain in current status.
Show Example Error Response
E0000218: Email domain validation exception
400 Bad Request
Email domain could not be verified by mail provider.
Show Example Error Response
E0000219: Phishing resistance policy error
403 Forbidden
This action can't be completed because it would result in 0 phishing resistant authenticators and your org has at least one authentication policy rule that requires phishing resistant authenticators. To continue, either enable FIDO 2 (WebAuthn) or remove the phishing resistance constraint from the affected policies. Policy rules: {0}
Show Example Error Response
E0000220: Brand limit exception
403 Forbidden
Brand count limit reached.
Show Example Error Response
E0000221: Realm limit exceeded exception
403 Forbidden
You have reached the maximum number of realms. An org cannot have more than {0} realms.
Show Example Error Response
E0000222: Email server already enabled exception
400 Bad Request
You can enable only one SMTP server at a time. Another SMTP server is already enabled.
Show Example Error Response
E0000223: Email server connection failed exception
400 Bad Request
Connection with the specified SMTP server failed.
Show Example Error Response
E0000224: Email server auth failed exception
400 Bad Request
Authentication with the specified SMTP server failed.
Show Example Error Response
E0000225: Email server max enrolled exception
400 Bad Request
You reached the maximum number of enrolled SMTP servers. An org can't have more than {0} enrolled servers.
Show Example Error Response
E0000226: Required telephony inline hook enabled for phone authenticator exception
400 Bad Request
You must have an active telephony inline hook to activate and use the Phone authenticator.
Show Example Error Response
E0000227: Non applicable app as principal type exception
400 Bad Request
Roles can only be granted to service application type
Show Example Error Response
E0000228: SMS template customization not allowed exception
403 Forbidden
SMS template customization isn't permitted.
Show Example Error Response
E0000229: Non bio or pin user verification compliance enrollment exception
400 Bad Request
Invalid Enrollment. Biometrics with Pin fallback required.
Show Example Error Response
E0000230: Idp for custom idp authenticator already in use exception
409 Conflict
Another authenticator is already associated with idpId: {0}.
Show Example Error Response
E0000231: Etag not matched exception
412 Precondition Failed
ETag value doesn't match.
Show Example Error Response
E0000232: Duplicate authenticator nickname exception
400 Bad Request
Another authenticator enrollment already exists with the same nickname.
Show Example Error Response
E0000233: SMS free org okta verify setup link bloc exception
403 Forbidden
Okta Verify SMS setup link is a feature only available on paid Okta accounts. To enable this feature please upgrade your free tier org.
Show Example Error Response
E0000235: Resource selectors exception
400 Bad Request
Resource Selector: {0}
Show Example Error Response
E0000236: Email customization invalid bcp47 locale format exception
400 Bad Request
The language doesn't conform to the BCP 47 standard for locales.
Show Example Error Response
E0000237: Email customization test locale not permitted exception
400 Bad Request
The language isn't permitted for email customization.
Show Example Error Response
E0000239: Policy lock exception
423 Locked
Policy priorities are being reconciled. Please try again later.
Show Example Error Response
E0000240: Agent time out
502 Bad Gateway
Request timed out waiting for agent.
Show Example Error Response
E0000241: No connected agents
504 Gateway Timeout
No connected agents.
Show Example Error Response
E0000242: Invalid etag exception
400 Bad Request
ETag syntax is invalid.
Show Example Error Response
E0000243: API validation exception with no message
400 Bad Request
Bad request.
Show Example Error Response
E0000244: Email customization multiple defaults exception
409 Conflict
There are conflicting default customizations for this template. To create or update email customizations, discard your changes and then reset your templates.
Show Example Error Response
E0000245: Knowledge second and access policy conflict exception
400 Bad Request
One or more authentication method chains include a knowledge method in the first step. Update these chains to require a possession factor in the first step: {0}
Show Example Error Response
E0000246: Deactivate authenticator method in use by authentication policy method chain exception
403 Forbidden
This action can't be completed because the authentication method is in use by one or more authentication policies: {0}
Show Example Error Response
E0000247: Okta telephony disabled exception
403 Forbidden
Your organization doesn't support SMS or Voice authentication at this time. Select another authentication method.
Show Example Error Response
E0000248: Deactivate idp in use by okta account management policy exception
403 Forbidden
The current Id Proofing Identity Provider is configured to be used in one or more Okta Account Management Policy rules. {0}
Show Example Error Response
E0000249: Missing group rule policy exception
409 Conflict
Group rules are still being set up. Please try again later.
Show Example Error Response
Example errors for OpenID Connect and Social Login
In situations where Okta needs to pass an error to a downstream application through a redirect_uri
, the error code and description are encoded as the query parameters error
and error_description
.
For example, if the redirect_uri is https://example.com, then the ACCESS_DENIED error is passed as follows:
https://example.com?error=access_denied&error_description=The%20resource%20owner%20or%20authorization%20server%20denied%20the%20request
Property | Description |
---|---|
unauthorized_client | The client isn't authorized to request an authorization code using this method. |
access_denied | The resource owner or authorization server denied the request. |
unsupported_response_type | The authorization server doesn't support obtaining an authorization code using this method. |
unsupported_response_mode | The authorization server doesn't support the requested response mode. |
invalid_scope | The requested scope is invalid, unknown, or malformed. |
server_error | The authorization server encountered an unexpected condition that prevented it from fulfilling the request. |
temporarily_unavailable | The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. |
invalid_client | The specified client isn't valid. |
login_required | The client specified not to prompt, but the user isn't signed in. |
invalid_request | The request parameters aren't valid. |
user_canceled_request | User canceled the social sign-in request. |