On This Page
Okta error codes and descriptions
This document contains a complete list of all errors that the Okta API returns.
All errors contain the follow fields:
| Property | Description |
|---|---|
errorCode | An Okta code for this type of error |
errorSummary | A short description of what caused this error. Sometimes this contains dynamically-generated information about your specific error. |
errorLink | An Okta code for this type of error |
errorId | A unique identifier for this error. This can be used by Okta Support to help with troubleshooting. |
errorCauses | (Optional) Further information about what caused this error |
E0000001: API validation exception
400 Bad RequestAPI validation failed for the current request. This is a fairly general error that signifies that endpoint's precondition has been violated. Such preconditions are endpoint specific. Users are encouraged to navigate to the documentation for the endpoint and read through the "Response Parameter" section. For example, the documentation for "Suspend User" indicates that suspending a user who is not active will result in the `E0000001` error code.
Show Example Error Response
E0000002: Illegal API argument exception
400 Bad RequestThe request was not valid: {0}
Show Example Error Response
E0000003: Reader exception
400 Bad RequestThe request body was not well-formed.
Show Example Error Response
E0000004: Authentication exception
401 UnauthorizedAuthentication failed
Show Example Error Response
E0000005: Invalid session exception
403 ForbiddenInvalid session
Show Example Error Response
E0000006: Access denied exception
403 ForbiddenYou do not have permission to perform the requested action
Show Example Error Response
E0000007: Resource not found exception
404 Not FoundNot found: {0}
Show Example Error Response
E0000008: Not found exception
404 Not FoundThe requested path was not found
Show Example Error Response
E0000009: Internal server error
500 Internal Server ErrorInternal Server Error
Show Example Error Response
E0000010: Read only database exception
503 Service UnavailableService is in read only mode
Show Example Error Response
E0000011: Invalid token exception
401 UnauthorizedInvalid token provided
Show Example Error Response
E0000012: Unsupported media type
404 Not FoundUnsupported media type
Show Example Error Response
E0000013: Invalid client app exception
403 ForbiddenInvalid client app id
Show Example Error Response
E0000014: Update credentials failed exception
403 ForbiddenUpdate of credentials failed
Show Example Error Response
E0000015: Feature not enabled exception
401 UnauthorizedYou do not have permission to access the feature you are requesting
Show Example Error Response
E0000016: Activate user failed exception
403 ForbiddenActivation failed because the user is already active
Show Example Error Response
E0000017: Reset password failed exception
403 ForbiddenPassword reset failed
Show Example Error Response
E0000018: Servlet request binding exception
400 Bad RequestBad request. Accept and/or Content-Type headers are likely not set.
Show Example Error Response
E0000019: HTTP media type not acceptable exception
400 Bad RequestBad request. Accept and/or Content-Type headers likely do not match supported values.
Show Example Error Response
E0000020: Illegal argument exception
400 Bad RequestBad request.
Show Example Error Response
E0000021: HTTP media type not supported exception
400 Bad RequestBad request. Accept and/or Content-Type headers likely do not match supported values.
Show Example Error Response
E0000022: HTTP request method not supported exception
405 Method Not AllowedThe endpoint does not support the provided HTTP method
Show Example Error Response
E0000023: App user exception
403 ForbiddenOperation failed because user profile is mastered under another system
Show Example Error Response
E0000024: Unsupported app metadata operation exception
400 Bad RequestBad request. This operation on app metadata is not yet supported.
Show Example Error Response
E0000025: Assign app version failed exception
400 Bad RequestApp version assignment failed.
Show Example Error Response
E0000026: API endpoint deprecated exception
404 Not FoundThis endpoint has been deprecated.
Show Example Error Response
E0000027: Group push exception
400 Bad RequestGroup push bad request : {0}
Show Example Error Response
E0000028: Missing servlet request parameter exception
400 Bad RequestThe request is missing a required parameter.
Show Example Error Response
E0000029: Invalid paging exception
400 Bad RequestInvalid paging request.
Show Example Error Response
E0000030: Invalid date exception
400 Bad RequestBad request. Invalid date. Dates must be of the form yyyy-MM-dd'T'HH:mm:ss.SSSZZ, e.g. 2013-01-01T12:00:00.000-07:00.
Show Example Error Response
E0000031: Invalid search criteria exception
400 Bad RequestInvalid search criteria.
Show Example Error Response
E0000032: Unlock forbidden exception
403 ForbiddenUnlock is not allowed for this user.
Show Example Error Response
E0000033: Search request exception
400 Bad RequestBad request. Can't specify a search query and filter in the same request.
Show Example Error Response
E0000034: Forgot password not allowed exception
403 ForbiddenForgot password not allowed on specified user.
Show Example Error Response
E0000035: Change password not allowed exception
403 ForbiddenChange password not allowed on specified user.
Show Example Error Response
E0000036: Change recovery question not allowed exception
403 ForbiddenChange recovery question not allowed on specified user.
Show Example Error Response
E0000037: Type mismatch exception
400 Bad RequestType mismatch exception. {0}
Show Example Error Response
E0000038: User operation forbidden exception
403 ForbiddenThis operation is not allowed in the user's current status.
Show Example Error Response
E0000039: Change app instance failed exception
403 ForbiddenOperation on application settings failed.
Show Example Error Response
E0000040: Duplicate instance label exception
400 Bad RequestApplication label must not be the same as an existing application label.
Show Example Error Response
E0000041: Password option argument exception
400 Bad RequestCredentials should not be set on this resource based on the scheme.
Show Example Error Response
E0000042: Set redirect url failed exception
403 ForbiddenSetting the error page redirect URL failed.
Show Example Error Response
E0000043: Self assign org apps not enabled exception
403 ForbiddenSelf service application assignment is not enabled.
Show Example Error Response
E0000044: Self assign not supported exception
403 ForbiddenSelf service application assignment is not supported.
Show Example Error Response
E0000045: Field mapping API exception
400 Bad RequestField mapping bad request.
Show Example Error Response
E0000046: Deactivate app user forbidden exception
403 ForbiddenDeactivate application for user forbidden.
Show Example Error Response
E0000047: Too many requests exception
429 Too Many RequestsAPI call exceeded rate limit due to too many requests.
Show Example Error Response
E0000048: OPP entity not found exception
404 Not FoundEntity not found exception.
Show Example Error Response
E0000049: OPP invalid SCIM data from SCIM implementation exception
500 Internal Server ErrorInvalid SCIM data from SCIM implementation.
Show Example Error Response
E0000050: OPP invalid SCIM data from client exception
400 Bad RequestInvalid SCIM data from client.
Show Example Error Response
E0000051: OPP no response from SCIM implementation exception
500 Internal Server ErrorNo response from SCIM implementation.
Show Example Error Response
E0000052: OPP endpoint not implemented exception
501 Not ImplementedEndpoint not implemented.
Show Example Error Response
E0000053: OPP invalid SCIM filter
400 Bad RequestInvalid SCIM filter.
Show Example Error Response
E0000054: OPP invalid pagination properties
400 Bad RequestInvalid pagination properties.
Show Example Error Response
E0000055: OPP duplicate group
409 ConflictDuplicate group.
Show Example Error Response
E0000056: Delete app instance forbidden exception
403 ForbiddenDelete application forbidden.
Show Example Error Response
E0000057: Policy deny exception
403 ForbiddenAccess to this application is denied due to a policy.
Show Example Error Response
E0000058: Policy factor required exception
403 ForbiddenAccess to this application requires MFA: {0}
Show Example Error Response
E0000059: OPP connector settings test failure
400 Bad RequestThe connector configuration could not be tested. Make sure that the URL, Authentication Parameters are correct and that there is an implementation available at the URL provided.
Show Example Error Response
E0000060: Unsupported operation
501 Not ImplementedUnsupported operation.
Show Example Error Response
E0000061: Tab exception
403 ForbiddenTab error: {0}
Show Example Error Response
E0000062: Duplicate app assignment
409 ConflictThe specified user is already assigned to the application.
Show Example Error Response
E0000063: Invalid parameter combination exception
400 Bad RequestInvalid combination of parameters specified.
Show Example Error Response
E0000064: Password expired exception
401 UnauthorizedPassword is expired and must be changed.
Show Example Error Response
E0000065: App metadata internal server exception
500 Internal Server ErrorInternal error processing app metadata.
Show Example Error Response
E0000066: Mim apns not configured exception
400 Bad RequestAPNS is not configured, contact your admin
Show Example Error Response
E0000067: Factor service timeout exception
504 Gateway TimeoutFactors Service Error.
Show Example Error Response
E0000068: Factor invalid code exception
403 ForbiddenInvalid Passcode/Answer
Show Example Error Response
E0000069: Factor user locked exception
403 ForbiddenUser Locked
Show Example Error Response
E0000070: Factor waiting for ack exception
202 AcceptedWaiting for ACK
Show Example Error Response
E0000071: Mim unsupported version exception
400 Bad RequestUnsupported OS Version: {0}
Show Example Error Response
E0000072: Mim enrollment disallowed exception
403 ForbiddenMIM policy settings have disallowed enrollment for this user
Show Example Error Response
E0000073: Factor user rejected code exception
403 ForbiddenUser rejected authentication
Show Example Error Response
E0000074: Factor service exception
400 Bad RequestFactor Service Error
Show Example Error Response
E0000075: App user profile push constraint exception
403 ForbiddenCannot modify the {0} attribute because it has a field mapping and profile push is enabled.
Show Example Error Response
E0000076: App user profile mastering constraint exception
405 Method Not AllowedCannot modify the app user because it is mastered by an external app.
Show Example Error Response
E0000077: Read only attribute exception
403 ForbiddenCannot modify the {0} attribute because it is read-only.
Show Example Error Response
E0000078: Immutable attribute exception
403 ForbiddenCannot modify the {0} attribute because it is immutable.
Show Example Error Response
E0000079: Illegal auth state exception
403 ForbiddenThis operation is not allowed in the current authentication state.
Show Example Error Response
E0000080: Password policy violation exception
403 ForbiddenThe password does not meet the complexity requirements of the current password policy.
Show Example Error Response
E0000081: System scope attribute exception
403 ForbiddenCannot modify the {0} attribute because it is a reserved attribute for this application.
Show Example Error Response
E0000082: Factor passcode replayed exception
403 ForbiddenEach code can only be used once. Please wait for a new code and try again.
Show Example Error Response
E0000083: Factor time window exceeded exception
403 ForbiddenPassCode is valid but exceeded time window.
Show Example Error Response
E0000084: App evaluation exception
403 ForbiddenApp evaluation error.
Show Example Error Response
E0000085: Sign on denied exception
403 ForbiddenYou do not have permission to access your account at this time.
Show Example Error Response
E0000086: Policy activation exception
403 ForbiddenThis policy cannot be activated at this time.
Show Example Error Response
E0000087: Invalid recovery answer exception
403 ForbiddenThe recovery question answer did not match our records.
Show Example Error Response
E0000088: Org Creator API subdomain validation exception
400 Bad RequestOrg Creator API subdomain validation exception.
Show Example Error Response
E0000089: Org Creator API name validation exception
400 Bad RequestOrg Creator API name validation exception.
Show Example Error Response
E0000090: Duplicate role assignment exception
409 ConflictThe role specified is already assigned to the user.
Show Example Error Response
E0000091: Illegal role assignment exception
405 Method Not AllowedThe provided role type was not the same as required role type.
Show Example Error Response
E0000092: Policy allow with conditions exception
403 ForbiddenAccess to this application requires re-authentication: {0}
Show Example Error Response
E0000093: Too many target records exception
400 Bad RequestTarget count limit exceeded
Show Example Error Response
E0000094: Complex filter exception
400 Bad RequestThe provided filter is unsupported.
Show Example Error Response
E0000095: Recovery forbidden for unknown user exception
403 ForbiddenRecovery not allowed for unknown user.
Show Example Error Response
E0000096: Idp certificate conflict exception
409 ConflictThis certificate has already been uploaded with kid={0}.
Show Example Error Response
E0000097: Mobile phone not verified exception
403 ForbiddenThere is no verified phone number on file.
Show Example Error Response
E0000098: Phone number parse exception
400 Bad RequestThis phone number is invalid.
Show Example Error Response
E0000099: International SMS call not enabled exception
403 ForbiddenOnly numbers located in US and Canada are allowed. Contact your administrator if this is a problem.
Show Example Error Response
E0000100: Search not available exception
503 Service UnavailableUnable to perform search query.
Show Example Error Response
E0000101: Invalid hosted mobile app
400 Bad RequestThere was an issue with the app binary file you uploaded. {0}
Show Example Error Response
E0000102: Invalid yubikey state exception
403 ForbiddenYubiKey cannot be deleted while assigned to an user. Please deactivate YubiKey using reset MFA and try again
Show Example Error Response
E0000103: OEM command already queued
403 ForbiddenAction on device already in queue or in progress
Show Example Error Response
E0000104: OEM device already locked
403 ForbiddenDevice is already locked and cannot be locked again
Show Example Error Response
E0000105: Invalid or expired recovery token
403 ForbiddenYou have accessed an account recovery link that has expired or been previously used.
Show Example Error Response
E0000107: Transition state exception
403 ForbiddenThe entity is not in the expected state for the requested transition.
Show Example Error Response
E0000108: OEM generic duplicate resource
409 ConflictOEM generic duplicate resource.
Show Example Error Response
E0000109: SMS too many requests exception
429 Too Many RequestsAn SMS message was recently sent. Please wait 30 seconds before trying again.
Show Example Error Response
E0000110: Invalid or expired transaction token
403 ForbiddenYou have accessed a link that has expired or has been previously used.
Show Example Error Response
E0000111: Read only object exception
403 ForbiddenCannot modify the {0} object because it is read-only.
Show Example Error Response
E0000112: Update activating user exception
409 ConflictCannot update this user because they are still being activated. Please try again in a few minutes.
Show Example Error Response
E0000113: Factor additional challenge exception
409 Conflict{0}.
Show Example Error Response
E0000115: Hosted mobile app service exception
503 Service UnavailableThere was an issue while uploading the app binary file. {0}
Show Example Error Response
E0000116: Hosted mobile app upload exception
400 Bad Request{0}
Show Example Error Response
E0000117: Inactive user forbidden exception
403 ForbiddenCannot assign apps or update app profiles for an inactive user.
Show Example Error Response
E0000118: Email too many requests exception
429 Too Many RequestsAn email was recently sent. Please wait 5 seconds before trying again.
Show Example Error Response
E0000119: User locked recovery answer exception
403 ForbiddenYour account is locked. Please contact your administrator.
Show Example Error Response
E0000120: Org Creator API custom domain validation exception
400 Bad RequestThe custom domain requested is already in use by another organization.
Show Example Error Response
E0000121: Invalid phone extension
400 Bad RequestInvalid phone extension. Please enter a valid phone extension.
Show Example Error Response
E0000122: Media type not accepted exception
406 Not AcceptableAccept Header did not contain supported media type 'application/json'
Show Example Error Response
E0000123: Enum mismatch exception
400 Bad RequestArray specified in enum field must match const values specified in oneOf field.
Show Example Error Response
E0000124: Expire on create requires password exception
400 Bad RequestCould not create user. To create a user and expire their password immediately, a password must be specified
Show Example Error Response
E0000125: Expire on create requires activation exception
400 Bad RequestCould not create user. To create a user and expire their password immediately, "activate" must be true
Show Example Error Response
E0000126: Self service not supported exception
400 Bad RequestSelf service is not supported with the current settings.
Show Example Error Response
E0000127: Linked object definition exception
409 ConflictInvalid linked objection definition. {0}
Show Example Error Response
E0000131: Feature validation exception
400 Bad Request{0}
Show Example Error Response
E0000132: Client registration already active exception
400 Bad RequestThe registration is already active for the given user, client and device combination
Show Example Error Response
E0000133: Phone call too many requests exception
429 Too Many RequestsA phone call was recently made. Please wait 30 seconds before trying again.
Show Example Error Response
E0000134: Callback execution exception
502 Bad GatewayOkta could not communicate correctly with an inline hook.
Show Example Error Response
E0000135: Callback error
400 Bad RequestAn inline hook responded with an error.
Show Example Error Response
E0000136: Mobile phone conflict exception
409 ConflictMobile phone conflict exception.
Show Example Error Response
E0000137: Callback timeout
504 Gateway TimeoutOkta did not receive a response from an inline hook.
Show Example Error Response
E0000138: Telephony internal error
500 Internal Server ErrorThere was an internal error with call provider(s).
Show Example Error Response
E0000139: Telephony provider error
503 Service UnavailableTelephony provider error.
Show Example Error Response
E0000140: Telephony opt out error
400 Bad RequestTelephony opt out error.
Show Example Error Response
E0000141: Feature update error
400 Bad RequestFeature cannot be enabled or disabled due to dependencies/dependents conflicts.
Show Example Error Response
E0000142: Delete user type exception
403 ForbiddenThis User Type cannot be deleted.
Show Example Error Response
E0000143: App instance operation not allowed exception
403 ForbiddenApp instance operation not allowed.
Show Example Error Response
E0000145: User entity conversion type error
409 ConflictSome users returned by the search cannot be parsed because the user schema has been changed to be inconsistent with their stale profile data.
Show Example Error Response
E0000146: SMS roadblock exception
429 Too Many RequestsYour organization has reached the limit of sms requests that can be sent within a 24 hour period.
Show Example Error Response
E0000147: Call roadblock exception
429 Too Many RequestsYour organization has reached the limit of call requests that can be sent within a 24 hour period.
Show Example Error Response
E0000148: Policy violation exception
403 ForbiddenCannot disable this authenticator because it is enabled in one or more policies. To continue, disable the authenticator in these policies.
Show Example Error Response
E0000149: HTTP request not acceptable
406 Not AcceptableThe HTTP request is not acceptable.
Show Example Error Response
E0000150: SMS rate limit exception
429 Too Many RequestsYou have reached the limit of sms requests, please try again later.
Show Example Error Response
E0000151: Call rate limit exception
429 Too Many RequestsYou have reached the limit of call requests, please try again later.
Show Example Error Response
Example errors for OpenID Connect and Social Login
In situations where Okta needs to pass an error to a downstream application through a redirect_uri, the error code and description are encoded as the query parameters error and error_description.
For example, if the redirect_uri is https://example.com, then the ACCESS_DENIED error is passed as follows:
https://example.com?error=access_denied&error_description=The%20resource%20owner%20or%20authorization%20server%20denied%20the%20request
| Property | Description |
|---|---|
unauthorized_client | The client isn't authorized to request an authorization code using this method. |
access_denied | The resource owner or authorization server denied the request. |
unsupported_response_type | The authorization server doesn't support obtaining an authorization code using this method. |
unsupported_response_mode | The authorization server doesn't support the requested response mode. |
invalid_scope | The requested scope is invalid, unknown, or malformed. |
server_error | The authorization server encountered an unexpected condition that prevented it from fulfilling the request. |
temporarily_unavailable | The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. |
invalid_client | The specified client isn't valid. |
login_required | The client specified not to prompt, but the user isn't signed in. |
invalid_request | The request parameters aren't valid. |
user_canceled_request | User canceled the social sign-in request. |