On this page
Okta error codes and descriptions
This document contains a complete list of all errors that the Okta API returns.
All errors contain the follow fields:
| Property | Description |
|---|---|
errorCode | An Okta code for this type of error |
errorSummary | A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error. |
errorLink | An Okta code for this type of error |
errorId | A unique identifier for this error. This can be used by Okta Support to help with troubleshooting. |
errorCauses | (Optional) Further information about what caused this error |
E0000001: API validation exception
400 Bad RequestAPI validation failed for the current request. This is a fairly general error that signifies that endpoint's precondition has been violated. Such preconditions are endpoint specific. Users are encouraged to navigate to the documentation for the endpoint and read through the "Response Parameter" section. For example, the documentation for "Suspend User" indicates that suspending a user who is not active will result in the `E0000001` error code.
Show Example Error Response
E0000002: Illegal API argument exception
400 Bad RequestThe request was not valid: {0}
Show Example Error Response
E0000003: Reader exception
400 Bad RequestThe request body was not well-formed.
Show Example Error Response
E0000004: Authentication exception
401 UnauthorizedAuthentication failed
Show Example Error Response
E0000005: Invalid session exception
403 ForbiddenInvalid session
Show Example Error Response
E0000006: Access denied exception
403 ForbiddenYou do not have permission to perform the requested action
Show Example Error Response
E0000007: Resource not found exception
404 Not FoundNot found: {0}
Show Example Error Response
E0000008: Not found exception
404 Not FoundThe requested path was not found
Show Example Error Response
E0000009: Internal server error
500 Internal Server ErrorInternal Server Error
Show Example Error Response
E0000010: Read only database exception
503 Service UnavailableService is in read only mode
Show Example Error Response
E0000011: Invalid token exception
401 UnauthorizedInvalid token provided
Show Example Error Response
E0000012: Unsupported media type
404 Not FoundUnsupported media type
Show Example Error Response
E0000013: Invalid client app exception
403 ForbiddenInvalid client app id
Show Example Error Response
E0000014: Update credentials failed exception
403 ForbiddenUpdate of credentials failed
Show Example Error Response
E0000015: Feature not enabled exception
401 UnauthorizedYou do not have permission to access the feature you are requesting
Show Example Error Response
E0000016: Activate user failed exception
403 ForbiddenActivation failed because the user is already active
Show Example Error Response
E0000017: Reset password failed exception
403 ForbiddenPassword reset failed
Show Example Error Response
E0000018: Servlet request binding exception
400 Bad RequestBad request. Accept and/or Content-Type headers are likely not set.
Show Example Error Response
E0000019: HTTP media type not acceptable exception
400 Bad RequestBad request. Accept and/or Content-Type headers likely do not match supported values.
Show Example Error Response
E0000020: Illegal argument exception
400 Bad RequestBad request.
Show Example Error Response
E0000021: HTTP media type not supported exception
400 Bad RequestBad request. Accept and/or Content-Type headers likely do not match supported values.
Show Example Error Response
E0000022: HTTP request method not supported exception
405 Method Not AllowedThe endpoint does not support the provided HTTP method. This is a general error that signifies the API call being made is not allowed based on either a lack of permissions for the sender or an invalid token being sent alongside the call. Check you're sending the correct HTTP Verb and authorization header with the request. Check that API access, user authorization and the feature you want to access have all been enabled for your org. Finally, check if OAuth provider will accept a token generated by Okta as some do not.
Show Example Error Response
E0000023: App user exception
403 ForbiddenOperation failed because user profile is mastered under another system
Show Example Error Response
E0000024: Unsupported app metadata operation exception
400 Bad RequestBad request. This operation on app metadata is not yet supported.
Show Example Error Response
E0000025: Assign app version failed exception
400 Bad RequestApp version assignment failed.
Show Example Error Response
E0000026: API endpoint deprecated exception
404 Not FoundThis endpoint has been deprecated.
Show Example Error Response
E0000027: Group push exception
400 Bad RequestGroup push bad request : {0}
Show Example Error Response
E0000028: Missing servlet request parameter exception
400 Bad RequestThe request is missing a required parameter.
Show Example Error Response
E0000029: Invalid paging exception
400 Bad RequestInvalid paging request.
Show Example Error Response
E0000030: Invalid date exception
400 Bad RequestBad request. Invalid date. Dates must be of the form yyyy-MM-dd'T'HH:mm:ss.SSSZZ, e.g. 2013-01-01T12:00:00.000-07:00.
Show Example Error Response
E0000031: Invalid search criteria exception
400 Bad RequestInvalid search criteria.
Show Example Error Response
E0000032: Unlock forbidden exception
403 ForbiddenUnlock is not allowed for this user.
Show Example Error Response
E0000033: Search request exception
400 Bad RequestBad request. Can't specify a search query and filter in the same request.
Show Example Error Response
E0000034: Forgot password not allowed exception
403 ForbiddenForgot password not allowed on specified user.
Show Example Error Response
E0000035: Change password not allowed exception
403 ForbiddenChange password not allowed on specified user.
Show Example Error Response
E0000036: Change recovery question not allowed exception
403 ForbiddenChange recovery question not allowed on specified user.
Show Example Error Response
E0000037: Type mismatch exception
400 Bad RequestType mismatch exception. {0}
Show Example Error Response
E0000038: User operation forbidden exception
403 ForbiddenThis operation is not allowed in the user's current status.
Show Example Error Response
E0000039: Change app instance failed exception
403 ForbiddenOperation on application settings failed.
Show Example Error Response
E0000040: Duplicate instance label exception
400 Bad RequestApplication label must not be the same as an existing application label.
Show Example Error Response
E0000041: Password option argument exception
400 Bad RequestCredentials should not be set on this resource based on the scheme.
Show Example Error Response
E0000042: Set redirect url failed exception
403 ForbiddenSetting the error page redirect URL failed.
Show Example Error Response
E0000043: Self assign org apps not enabled exception
403 ForbiddenSelf service application assignment is not enabled.
Show Example Error Response
E0000044: Self assign not supported exception
403 ForbiddenSelf service application assignment is not supported.
Show Example Error Response
E0000045: Field mapping API exception
400 Bad RequestField mapping bad request.
Show Example Error Response
E0000046: Deactivate app user forbidden exception
403 ForbiddenDeactivate application for user forbidden.
Show Example Error Response
E0000047: Too many requests exception
429 Too Many RequestsAPI call exceeded rate limit due to too many requests.
Show Example Error Response
E0000048: OPP entity not found exception
404 Not FoundEntity not found exception.
Show Example Error Response
E0000049: OPP invalid SCIM data from SCIM implementation exception
500 Internal Server ErrorInvalid SCIM data from SCIM implementation.
Show Example Error Response
E0000050: OPP invalid SCIM data from client exception
400 Bad RequestInvalid SCIM data from client.
Show Example Error Response
E0000051: OPP no response from SCIM implementation exception
500 Internal Server ErrorNo response from SCIM implementation.
Show Example Error Response
E0000052: OPP endpoint not implemented exception
501 Not ImplementedEndpoint not implemented.
Show Example Error Response
E0000053: OPP invalid SCIM filter
400 Bad RequestInvalid SCIM filter.
Show Example Error Response
E0000054: OPP invalid pagination properties
400 Bad RequestInvalid pagination properties.
Show Example Error Response
E0000055: OPP duplicate group
409 ConflictDuplicate group.
Show Example Error Response
E0000056: Delete app instance forbidden exception
403 ForbiddenDelete application forbidden.
Show Example Error Response
E0000057: Policy deny exception
403 ForbiddenAccess to this application is denied due to a policy.
Show Example Error Response
E0000058: Policy factor required exception
403 ForbiddenAccess to this application requires MFA: {0}
Show Example Error Response
E0000059: OPP connector settings test failure
400 Bad RequestThe connector configuration could not be tested. Make sure that the URL, Authentication Parameters are correct and that there is an implementation available at the URL provided.
Show Example Error Response
E0000060: Unsupported operation
501 Not ImplementedUnsupported operation.
Show Example Error Response
E0000061: Tab exception
403 ForbiddenTab error: {0}
Show Example Error Response
E0000062: Duplicate app assignment
409 ConflictThe specified user is already assigned to the application.
Show Example Error Response
E0000063: Invalid parameter combination exception
400 Bad RequestInvalid combination of parameters specified.
Show Example Error Response
E0000064: Password expired exception
401 UnauthorizedPassword is expired and must be changed.
Show Example Error Response
E0000065: App metadata internal server exception
500 Internal Server ErrorInternal error processing app metadata.
Show Example Error Response
E0000066: Mim apns not configured exception
400 Bad RequestAPNS is not configured, contact your admin
Show Example Error Response
E0000067: Factor service timeout exception
504 Gateway TimeoutFactors Service Error.
Show Example Error Response
E0000068: Factor invalid code exception
403 ForbiddenInvalid Passcode/Answer
Show Example Error Response
E0000069: Factor user locked exception
403 ForbiddenUser Locked
Show Example Error Response
E0000070: Factor waiting for ack exception
202 AcceptedWaiting for ACK
Show Example Error Response
E0000071: Mim unsupported version exception
400 Bad RequestUnsupported OS Version: {0}
Show Example Error Response
E0000072: Mim enrollment disallowed exception
403 ForbiddenMIM policy settings have disallowed enrollment for this user
Show Example Error Response
E0000073: Factor user rejected code exception
403 ForbiddenUser rejected authentication
Show Example Error Response
E0000074: Factor service exception
400 Bad RequestFactor Service Error
Show Example Error Response
E0000075: App user profile push constraint exception
403 ForbiddenCannot modify the {0} attribute because it has a field mapping and profile push is enabled.
Show Example Error Response
E0000076: App user profile mastering constraint exception
405 Method Not AllowedCannot modify the app user because it is mastered by an external app.
Show Example Error Response
E0000077: Read only attribute exception
403 ForbiddenCannot modify the {0} attribute because it is read-only.
Show Example Error Response
E0000078: Immutable attribute exception
403 ForbiddenCannot modify the {0} attribute because it is immutable.
Show Example Error Response
E0000079: Illegal auth state exception
403 ForbiddenThis operation is not allowed in the current authentication state.
Show Example Error Response
E0000080: Password policy violation exception
403 ForbiddenThe password does not meet the complexity requirements of the current password policy.
Show Example Error Response
E0000081: System scope attribute exception
403 ForbiddenCannot modify the {0} attribute because it is a reserved attribute for this application.
Show Example Error Response
E0000082: Factor passcode replayed exception
403 ForbiddenEach code can only be used once. Please wait for a new code and try again.
Show Example Error Response
E0000083: Factor time window exceeded exception
403 ForbiddenPassCode is valid but exceeded time window.
Show Example Error Response
E0000084: App evaluation exception
403 ForbiddenApp evaluation error.
Show Example Error Response
E0000085: Sign on denied exception
403 ForbiddenYou do not have permission to access your account at this time.
Show Example Error Response
E0000086: Policy activation exception
403 ForbiddenThis policy cannot be activated at this time.
Show Example Error Response
E0000087: Invalid recovery answer exception
403 ForbiddenThe recovery question answer did not match our records.
Show Example Error Response
E0000088: Org Creator API subdomain already exists exception
400 Bad RequestOrg Creator API subdomain validation exception: An object with this field already exists.
Show Example Error Response
E0000089: Org Creator API name validation exception
400 Bad RequestOrg Creator API name validation exception.
Show Example Error Response
E0000090: Duplicate role assignment exception
409 ConflictThe role specified is already assigned to the user.
Show Example Error Response
E0000091: Illegal role assignment exception
400 Bad RequestThe provided role type was not the same as required role type.
Show Example Error Response
E0000092: Policy allow with conditions exception
403 ForbiddenAccess to this application requires re-authentication: {0}
Show Example Error Response
E0000093: Too many target records exception
400 Bad RequestTarget count limit exceeded
Show Example Error Response
E0000094: Complex filter exception
400 Bad RequestThe provided filter is unsupported.
Show Example Error Response
E0000095: Recovery forbidden for unknown user exception
403 ForbiddenRecovery not allowed for unknown user.
Show Example Error Response
E0000096: Idp certificate conflict exception
409 ConflictThis certificate has already been uploaded with kid={0}.
Show Example Error Response
E0000097: Mobile phone not verified exception
403 ForbiddenThere is no verified phone number on file.
Show Example Error Response
E0000098: Phone number parse exception
400 Bad RequestThis phone number is invalid.
Show Example Error Response
E0000099: International SMS call not enabled exception
403 ForbiddenOnly numbers located in US and Canada are allowed. Contact your administrator if this is a problem.
Show Example Error Response
E0000100: Search not available exception
503 Service UnavailableUnable to perform search query.
Show Example Error Response
E0000101: Invalid hosted mobile app
400 Bad RequestThere was an issue with the app binary file you uploaded. {0}
Show Example Error Response
E0000102: Invalid yubikey state exception
403 ForbiddenYubiKey cannot be deleted while assigned to an user. Please deactivate YubiKey using reset MFA and try again
Show Example Error Response
E0000103: OEM command already queued
403 ForbiddenAction on device already in queue or in progress
Show Example Error Response
E0000104: OEM device already locked
403 ForbiddenDevice is already locked and cannot be locked again
Show Example Error Response
E0000105: Invalid or expired recovery token
403 ForbiddenYou have accessed an account recovery link that has expired or been previously used.
Show Example Error Response
E0000107: Transition state exception
403 ForbiddenThe entity is not in the expected state for the requested transition.
Show Example Error Response
E0000108: OEM generic duplicate resource
409 ConflictOEM generic duplicate resource.
Show Example Error Response
E0000109: SMS too many requests exception
429 Too Many RequestsAn SMS message was recently sent. Please wait 30 seconds before trying again.
Show Example Error Response
E0000110: Invalid or expired transaction token
403 ForbiddenYou have accessed a link that has expired or has been previously used.
Show Example Error Response
E0000111: Read only object exception
403 ForbiddenCannot modify the {0} object because it is read-only.
Show Example Error Response
E0000112: Update activating user exception
409 ConflictCannot update this user because they are still being activated. Please try again in a few minutes.
Show Example Error Response
E0000113: Factor additional challenge exception
409 Conflict{0}.
Show Example Error Response
E0000115: Hosted mobile app service exception
503 Service UnavailableThere was an issue while uploading the app binary file. {0}
Show Example Error Response
E0000116: Hosted mobile app upload exception
400 Bad Request{0}
Show Example Error Response
E0000117: Inactive user forbidden exception
403 ForbiddenCannot assign apps or update app profiles for an inactive user.
Show Example Error Response
E0000118: Email too many requests exception
429 Too Many RequestsAn email was recently sent. Please wait 5 seconds before trying again.
Show Example Error Response
E0000119: User locked recovery exception
403 ForbiddenYour account is locked. Please contact your administrator.
Show Example Error Response
E0000120: Org Creator API custom domain validation exception
400 Bad RequestThe custom domain requested is already in use by another organization.
Show Example Error Response
E0000121: Invalid phone extension
400 Bad RequestInvalid phone extension. Please enter a valid phone extension.
Show Example Error Response
E0000122: Media type not accepted exception
406 Not AcceptableAccept Header did not contain supported media type 'application/json'
Show Example Error Response
E0000123: Enum mismatch exception
400 Bad RequestArray specified in enum field must match const values specified in oneOf field.
Show Example Error Response
E0000124: Expire on create requires password exception
400 Bad RequestCould not create user. To create a user and expire their password immediately, a password must be specified
Show Example Error Response
E0000125: Expire on create requires activation exception
400 Bad RequestCould not create user. To create a user and expire their password immediately, "activate" must be true
Show Example Error Response
E0000126: Self service not supported exception
400 Bad RequestSelf service is not supported with the current settings.
Show Example Error Response
E0000127: Linked object definition exception
409 ConflictInvalid linked objection definition. {0}
Show Example Error Response
E0000131: Feature validation exception
400 Bad Request{0}
Show Example Error Response
E0000132: Client registration already active exception
400 Bad RequestThe registration is already active for the given user, client and device combination
Show Example Error Response
E0000133: Phone call too many requests exception
429 Too Many RequestsA phone call was recently made. Please wait 30 seconds before trying again.
Show Example Error Response
E0000134: Callback execution exception
502 Bad GatewayOkta could not communicate correctly with an inline hook.
Show Example Error Response
E0000135: Callback error
400 Bad RequestAn inline hook responded with an error.
Show Example Error Response
E0000136: Mobile phone conflict exception
409 ConflictMobile phone conflict exception.
Show Example Error Response
E0000137: Callback timeout
504 Gateway TimeoutOkta did not receive a response from an inline hook.
Show Example Error Response
E0000138: Telephony internal error
500 Internal Server ErrorThere was an internal error with call provider(s).
Show Example Error Response
E0000139: Telephony provider error
503 Service UnavailableTelephony provider error.
Show Example Error Response
E0000140: Telephony opt out error
400 Bad RequestTelephony opt out error.
Show Example Error Response
E0000141: Feature update error
400 Bad RequestFeature cannot be enabled or disabled due to dependencies/dependents conflicts.
Show Example Error Response
E0000142: Delete user type exception
403 ForbiddenThis User Type cannot be deleted.
Show Example Error Response
E0000143: App instance operation not allowed exception
403 ForbiddenApp instance operation not allowed.
Show Example Error Response
E0000145: User entity conversion type error
409 ConflictSome users returned by the search cannot be parsed because the user schema has been changed to be inconsistent with their stale profile data.
Show Example Error Response
E0000146: SMS roadblock exception
429 Too Many RequestsYour organization has reached the limit of sms requests that can be sent within a 24 hour period.
Show Example Error Response
E0000147: Call roadblock exception
429 Too Many RequestsYour organization has reached the limit of call requests that can be sent within a 24 hour period.
Show Example Error Response
E0000148: Policy violation exception
403 ForbiddenCannot modify/disable this authenticator because it is enabled in one or more policies. {0}
Show Example Error Response
E0000149: HTTP request not acceptable
406 Not AcceptableThe HTTP request is not acceptable.
Show Example Error Response
E0000150: SMS rate limit exception
403 ForbiddenYou have reached the limit of sms requests, please try again later.
Show Example Error Response
E0000151: Call rate limit exception
403 ForbiddenYou have reached the limit of call requests, please try again later.
Show Example Error Response
E0000152: Illegal device status exception
403 ForbiddenIllegal device status, cannot perform action.
Show Example Error Response
E0000153: Invalid device id exception
410 GoneInvalid device id, it no longer exists.
Show Example Error Response
E0000154: Invalid factor id exception
410 GoneInvalid factor id, it is not currently active.
Show Example Error Response
E0000155: User not active exception
423 LockedUser is not currently active.
Show Example Error Response
E0000156: Invalid user id exception
410 GoneInvalid user id; the user either does not exist or has been deleted.
Show Example Error Response
E0000157: Authenticator already exists exception
409 ConflictAnother authenticator with key: {0} is already active.
Show Example Error Response
E0000158: Non user verification compliance enrollment exception
400 Bad RequestInvalid Enrollment. User verification required.
Show Example Error Response
E0000159: Non fips compliance okta verify enrollment exception
400 Bad RequestInvalid Enrollment. FIPS compliance required.
Show Example Error Response
E0000161: Domain already exists exception
403 ForbiddenUnique domain name required.
Show Example Error Response
E0000162: Domain limit exception
403 ForbiddenDomain count limit reached.
Show Example Error Response
E0000163: Domain not found exception
404 Not FoundDomain ID not found.
Show Example Error Response
E0000165: Domain not verified exception
403 ForbiddenDomain not verified.
Show Example Error Response
E0000166: Captcha limit exception
403 ForbiddenCAPTCHA count limit reached. At most one CAPTCHA instance is allowed per Org. Please remove existing CAPTCHA to create a new one.
Show Example Error Response
E0000167: Deactivate idp in use by authenticator exception
403 Forbidden{0}
Show Example Error Response
E0000168: Captcha associated with org exception
403 ForbiddenCAPTCHA cannot be removed. This CAPTCHA is associated with org-wide CAPTCHA settings, please unassociate it before removing it.
Show Example Error Response
E0000170: Org Creator API subdomain reserved exception
400 Bad RequestOrg Creator API subdomain validation exception: Using a reserved value. Try again with a different value.
Show Example Error Response
E0000171: Org Creator API subdomain locked exception
400 Bad RequestOrg Creator API subdomain validation exception: The value is already in use by a different request.
Show Example Error Response
E0000172: Org Creator API subdomain name too long exception
400 Bad RequestOrg Creator API subdomain validation exception: The value exceeds the max length.
Show Example Error Response
E0000174: Device condition dependency exception
403 ForbiddenYou can’t disable Okta FastPass because it is being used by one or more application sign-on policies. First, go to each policy and remove any device conditions. Then, come back and try again.
Show Example Error Response
E0000176: Log streaming create failed
400 Bad RequestFailed to create LogStreaming event source. {0}
Show Example Error Response
E0000177: Log streaming delete failed
400 Bad RequestFailed to delete LogStreaming event source. {0}
Show Example Error Response
E0000178: Cannot delete realm exception
400 Bad RequestThis realm cannot be deleted. {0}
Show Example Error Response
E0000179: Externally sourced attribute exception
400 Bad RequestThere is a required attribute that is externally sourced.
Show Example Error Response
E0000180: Suspended factor exception
423 LockedFactor id is currently not active.
Show Example Error Response
E0000181: Dns challenge not found exception
503 Service UnavailableService temporarily unavailable.
Show Example Error Response
E0000182: Email customization default already exists exception
409 ConflictA default email template customization already exists.
Show Example Error Response
E0000183: Email customization language already exists exception
409 ConflictAn email template customization for that language already exists.
Show Example Error Response
E0000184: Email customization cannot delete default exception
409 ConflictA default email template customization can't be deleted.
Show Example Error Response
E0000185: Email customization cannot clear default exception
409 ConflictThe isDefault parameter of the default email template customization can't be set to false.
Show Example Error Response
E0000186: SMS free org roadblock exception
429 Too Many RequestsYour free tier organization has reached the limit of sms requests that can be sent within a 30 day period.
Show Example Error Response
E0000187: Push provider dependency exception
409 ConflictCannot delete push provider because it is being used by a custom app authenticator.
Show Example Error Response
E0000188: Domain update conflict exception
409 ConflictDomain update conflict exception.
Show Example Error Response
E0000189: Email template invalid recipients exception
422 Unprocessable EntityThis template does not support the recipients value.
Show Example Error Response
E0000190: Delete ldap interface forbidden exception
403 ForbiddenDelete LDAP interface instance forbidden.
Show Example Error Response
E0000191: Transaction not found exception
404 Not FoundVerification timed out. Please try again.
Show Example Error Response
E0000192: Assign admin privilege to group with rules exception
400 Bad RequestRoles cannot be granted to groups with group membership rules. {0}
Show Example Error Response
E0000193: Group member count exceeds limit exception
400 Bad RequestRoles can only be granted to groups with 5000 or less users. {0}
Show Example Error Response
E0000194: Non applicable group type exception
400 Bad RequestRoles can only be granted to Okta groups, AD groups and LDAP groups. {0}
Show Example Error Response
E0000195: API conflict exception
409 ConflictApi validation failed due to conflict: {0}
Show Example Error Response
E0000197: Email domain already exists exception
409 ConflictUnique email domain name required.
Show Example Error Response
E0000198: Email domain not found exception
404 Not FoundEmail domain not found.
Show Example Error Response
E0000200: Brand cannot delete default exception
409 ConflictA default brand cannot be deleted.
Show Example Error Response
E0000201: Brand cannot delete already assigned exception
409 ConflictA brand associated with a custom domain or email doamin cannot be deleted.
Show Example Error Response
E0000202: Brand name already exist exception
409 ConflictBrand name already exists.
Show Example Error Response
E0000203: Brand domain mapping failure exception
409 ConflictFailed to associate this domain with the given brandId.
Show Example Error Response
E0000204: SMS rate limit exception 429
429 Too Many RequestsYou have reached the limit of sms requests, please try again later.
Show Example Error Response
E0000205: Call rate limit exception 429
429 Too Many RequestsYou have reached the limit of call requests, please try again later.
Show Example Error Response
E0000207: Incorrect username or password exception
401 UnauthorizedThe username and/or the password you entered is incorrect. Please try again.
Show Example Error Response
E0000208: Access token bad request exception
400 Bad RequestFailed to get access token. The request was invalid, reason: {0}.
Show Example Error Response
E0000209: Aaguid group violation exception
400 Bad Request{0} cannot be modified/deleted because it is currently being used in an Enroll Policy. Please make changes to the Enroll Policy before modifying/deleting the group.
Show Example Error Response
E0000211: Built in groups type exception
400 Bad RequestRoles cannot be granted to built-in groups: {0}
Show Example Error Response
E0000212: Invalid origin header exception
403 ForbiddenOrigin validation failed.
Show Example Error Response
E0000213: Cannot update page content for default brand exception
403 ForbiddenCannot update page content for the default brand.
Show Example Error Response
E0000214: User has no enrollments that are ciba enabled
400 Bad RequestUser has no custom authenticator enrollments that have CIBA as a transactionType
Show Example Error Response
E0000215: API endpoint no longer available
410 GoneThis endpoint has been deprecated.
Show Example Error Response
E0000217: Email domain invalid status exception
400 Bad RequestInvalid status. Cannot validate email domain in current status.
Show Example Error Response
E0000218: Email domain validation exception
400 Bad RequestEmail domain could not be verified by mail provider.
Show Example Error Response
E0000219: Phishing resistance policy error
403 ForbiddenThis action can't be completed because it would result in 0 phishing resistant authenticators and your org has at least one authentication policy rule that requires phishing resistant authenticators. To continue, either enable FIDO 2 (WebAuthn) or remove the phishing resistance constraint from the affected policies. Policy rules: {0}
Show Example Error Response
E0000220: Brand limit exception
403 ForbiddenBrand count limit reached.
Show Example Error Response
E0000221: Realm limit exceeded exception
403 ForbiddenYou have reached the maximum number of realms. An org cannot have more than {0} realms.
Show Example Error Response
E0000222: Email server already enabled exception
400 Bad RequestYou can enable only one SMTP server at a time. Another SMTP server is already enabled.
Show Example Error Response
E0000223: Email server connection failed exception
400 Bad RequestConnection with the specified SMTP server failed.
Show Example Error Response
E0000224: Email server auth failed exception
400 Bad RequestAuthentication with the specified SMTP server failed.
Show Example Error Response
E0000225: Email server max enrolled exception
400 Bad RequestYou reached the maximum number of enrolled SMTP servers. An org can't have more than {0} enrolled servers.
Show Example Error Response
E0000226: Required telephony inline hook enabled for phone authenticator exception
400 Bad RequestYou must have an active telephony inline hook to activate and use the Phone authenticator.
Show Example Error Response
E0000227: Non applicable app as principal type exception
400 Bad RequestRoles can only be granted to service application type
Show Example Error Response
E0000228: SMS template customization not allowed exception
403 ForbiddenSMS template customization isn't permitted.
Show Example Error Response
E0000229: Non bio or pin user verification compliance enrollment exception
400 Bad RequestInvalid Enrollment. Biometrics with Pin fallback required.
Show Example Error Response
E0000230: Idp for custom idp authenticator already in use exception
409 ConflictAnother authenticator is already associated with idpId: {0}.
Show Example Error Response
E0000231: Etag not matched exception
412 Precondition FailedETag value doesn't match.
Show Example Error Response
E0000232: Duplicate authenticator nickname exception
400 Bad RequestAnother authenticator enrollment already exists with the same nickname.
Show Example Error Response
E0000233: SMS free org okta verify setup link bloc exception
403 ForbiddenOkta Verify SMS setup link is a feature only available on paid Okta accounts. To enable this feature please upgrade your free tier org.
Show Example Error Response
E0000235: Resource selectors exception
400 Bad RequestResource Selector: {0}
Show Example Error Response
E0000236: Email customization invalid bcp47 locale format exception
400 Bad RequestThe language doesn't conform to the BCP 47 standard for locales.
Show Example Error Response
E0000237: Email customization test locale not permitted exception
400 Bad RequestThe language isn't permitted for email customization.
Show Example Error Response
E0000239: Policy lock exception
423 LockedPolicy priorities are being reconciled. Please try again later.
Show Example Error Response
E0000240: Agent time out
502 Bad GatewayRequest timed out waiting for agent.
Show Example Error Response
E0000241: No connected agents
504 Gateway TimeoutNo connected agents.
Show Example Error Response
E0000242: Invalid etag exception
400 Bad RequestETag syntax is invalid.
Show Example Error Response
E0000243: API validation exception with no message
400 Bad RequestBad request.
Show Example Error Response
E0000244: Email customization multiple defaults exception
409 ConflictThere are conflicting default customizations for this template. To create or update email customizations, discard your changes and then reset your templates.
Show Example Error Response
E0000245: Knowledge second and access policy conflict exception
400 Bad RequestOne or more authentication method chains include a knowledge method in the first step. Update these chains to require a possession factor in the first step: {0}
Show Example Error Response
E0000246: Deactivate authenticator method in use by authentication policy method chain exception
403 ForbiddenThis action can't be completed because the authentication method is in use by one or more authentication policies: {0}
Show Example Error Response
E0000247: Okta telephony disabled exception
403 ForbiddenYour organization doesn't support SMS or Voice authentication at this time. Select another authentication method.
Show Example Error Response
E0000248: Deactivate idp in use by okta account management policy exception
403 ForbiddenThe current Id Proofing Identity Provider is configured to be used in one or more Okta Account Management Policy rules. {0}
Show Example Error Response
Example errors for OpenID Connect and Social Login
In situations where Okta needs to pass an error to a downstream application through a redirect_uri, the error code and description are encoded as the query parameters error and error_description.
For example, if the redirect_uri is https://example.com, then the ACCESS_DENIED error is passed as follows:
https://example.com?error=access_denied&error_description=The%20resource%20owner%20or%20authorization%20server%20denied%20the%20request
| Property | Description |
|---|---|
unauthorized_client | The client isn't authorized to request an authorization code using this method. |
access_denied | The resource owner or authorization server denied the request. |
unsupported_response_type | The authorization server doesn't support obtaining an authorization code using this method. |
unsupported_response_mode | The authorization server doesn't support the requested response mode. |
invalid_scope | The requested scope is invalid, unknown, or malformed. |
server_error | The authorization server encountered an unexpected condition that prevented it from fulfilling the request. |
temporarily_unavailable | The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. |
invalid_client | The specified client isn't valid. |
login_required | The client specified not to prompt, but the user isn't signed in. |
invalid_request | The request parameters aren't valid. |
user_canceled_request | User canceled the social sign-in request. |