We are making org-wide rate limits more granular, and treating authenticated end-user interactions separately. More granular rate limits will further lessen the likelihood of calls to one URI impacting another. Treating authenticated end-user interactions separately will lessen the chances of one user's impacting another. We're also providing a transition period so you can see what these changes will look like in your Okta system log before enforcing them:
Of course, as each change is released, we'll announce the change here.
For a full description of the rate limit changes, see API Rate Limits.
/api/v1/authn/factors/<factorId>/verifyresponded with a valid
stateTokenafter user status became
LOCKED_OUT, causing user interface errors. (OKTA-115153)