Previous rate limits

This page covers the rate limits for orgs that were created before 2018-05-17.

High capacity rate limits

If your needs exceed Okta's rate limits, you can purchase the High Capacity Rate Limit add-on. Customers who purchase the High Capacity Rate Limit add-on service may not use the service in excess of the static rate limit, as set forth in the table below. If Okta makes any change to the rate limit, the change is communicated to customers through an updated version of this product documentation.

The following are the high capacity rate limits per minute that apply across the Okta API for these endpoints:

| Endpoint | One App | Enterprise |
| --- | --- | --- |
| /oauth2/{authorizationServerId}/v1 | 3000 | 6000 |
| /oauth2/v1 except /oauth2/v1/clients | 3000 | 6000 |
| /api/v1 | 1500 | 3000 |
| /api/v1/sessions | 1500 | 3000 |
| /app/template_saml_2_0/{key}/sso/saml | 1500 | 3000 |
| /app/{app}/{key}/sso/saml | 1500 | 3000 |
| /api/v1/groups/{id} | 1500 | 3000 |
| /api/v1/users/{id} | 1500 | 3000 |
| /api/v1/users/{idOrLogin} (only GET) | 1500 | 5000 |
| /api/v1/authn | 1500 | 3000 |
| /api/plugin/{protocolVersion}/form-creds/{appUserIds}/{formSiteOption} | 1500 | 3000 |
| /api/v1/authn/factors/{factorIdOrFactorType}/verify | 1500 | 3000 |
| /api/v1/apps/{id} | 1500 | 3000 |
| /bc/image/fileStoreRecord | 1500 | 3000 |
| /bc/globalFileStoreRecord | 1500 | 3000 |

If your usage needs exceed the rate limits applicable to the High Capacity Rate Limit add-on service, please contact your Okta Sales Representative regarding other options.

Org-wide rate limits (legacy orgs)

Extensions to the base URLs listed below are included in the specified limit, unless the URL is followed by "only." For example, /api/v1/apps/{id} has a per-minute rate limit of 500 as listed in the second line in the table. However, /api/v1/apps/{id}/users falls under the more general first line of the table. This pattern applies to all the URLs.

| Action | Okta API Endpoint | Per Minute Limit (Older Orgs) |
| --- | --- | --- |
| Create or list applications | /api/v1/apps except /api/v1/apps/{id} | 100 |
| Get, update, or delete an application | /api/v1/apps/{id} only | 500 |
| Authenticate different end users | /api/v1/authn | 500 |
| Creating or listing groups | /api/v1/groups except /api/v1/groups/{id} | 500 |
| Get, update, or delete a group | /api/v1/groups/{id} only | 1000 |
| Get System Log data | /api/v1/logs | 120 |
| Get session information | /api/v1/sessions | 750 |
| Create or list users | /api/v1/users except /api/v1/users/{id} and /api/v1/users/{login} | 600 |
| Get a user by user ID or login (combined) | /api/v1/users/{id} or /api/v1/users/{login} only | 2000 |
| Get my user | /api/v1/users/me | 1000 |
| Update or delete a user by ID | /api/v1/users/{id} only | 600 |
| Create an org (ISVs only) | /api/v1/orgs | 50 |
| All other actions | /api/v1/ | 1000 |
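
The "only" matching rule described above can be checked mechanically. The following is an added example, not Okta's code: `legacy_bucket`, `over_limit` and the bucket names are hypothetical, the limits are copied from the table above, and the handling of HTTP methods and of paths under /api/v1/users/me is an assumption read from the Action column.

```python
from collections import Counter

# Per-minute limits copied from the legacy org-wide table above.
LIMITS = {
    "apps": 100, "apps/{id}": 500, "authn": 500, "groups": 500,
    "groups/{id}": 1000, "logs": 120, "sessions": 750, "users": 600,
    "users/{id} GET": 2000, "users/me": 1000, "users/{id} write": 600,
    "orgs": 50, "other": 1000,
}

def legacy_bucket(method, path):
    """Return the LIMITS key a request counts against, or None outside /api/v1/."""
    path = path.split("?", 1)[0]
    if not path.startswith("/api/v1/"):
        return None
    seg = [s for s in path[len("/api/v1/"):].split("/") if s]
    root = seg[0] if seg else ""
    if root in ("apps", "groups"):
        # "{id} only": exactly one segment after the base; deeper paths
        # such as /apps/{id}/users fall back to the general row.
        return root + "/{id}" if len(seg) == 2 else root
    if root == "users":
        if len(seg) >= 2 and seg[1] == "me":
            return "users/me"
        if len(seg) == 2:
            # Assumption: GET is the "get a user" row, any other method
            # is the "update or delete" row.
            return "users/{id} GET" if method.upper() == "GET" else "users/{id} write"
        return "users"
    if root in ("authn", "logs", "sessions", "orgs"):
        return root  # extensions share the base URL's limit
    return "other"

def over_limit(requests):
    """Given (method, path) pairs seen in one minute, return {bucket: count}
    for every bucket whose count exceeds its limit."""
    counts = Counter(b for b in (legacy_bucket(m, p) for m, p in requests) if b)
    return {b: n for b, n in counts.items() if n > LIMITS[b]}

if __name__ == "__main__":
    # Constructed one-minute sample; the app ID is made up.
    sample = ([("GET", "/api/v1/logs?limit=100")] * 121
              + [("GET", "/api/v1/apps/0oa1/users")] * 100)
    print(over_limit(sample))
```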

Concurrent rate limits (legacy orgs)

For legacy orgs, the limit is 75 concurrent transactions.

Home page endpoint limits (legacy orgs)

The following endpoints are used by the Okta home page for authentication and user sign-in and have org-wide rate limits:

| Okta Home Page Endpoints | Per-Minute Limit |
| --- | --- |
| /app/{app}/{key}/sso/saml | 750 |
| /app/office365/{key}/sso/wsfed/active | 1000 |
| /app/office365/{key}/sso/wsfed/passive | 250 |
| /app/template_saml_2_0/{key}/sso/saml | 2500 |
| /login/do-login | 200 |
| /login/login.htm | 850 |
| /login/sso_iwa_auth | 500 |
| /api/plugin/{protocolVersion}/form-cred/{appUserIds}/{formSiteOption} | 650 |
| /api/plugin/{protocolVersion}/sites | 150 |
| /bc/fileStoreRecord | 500 |
| /bc/globalFileStoreRecord | 500 |