Hello,
I’m experiencing an issue with a fresh Okta developer (Integrator) account. I can’t sign in because I’m getting a “403 Access Forbidden” error.
Background
- I’m the only user on this Okta account.
- The only setup changes I made were:
- Enabled email as an authentication method.
- Modified the Okta Admin Console security policy to require email as the only second factor.
Steps to Reproduce
- Sign up for a new Okta Integrator account.
- Verify your account email, set up a password, and configure Okta Verify.
- Go to Settings → Authenticators and edit the “email” method to be used for authentication and recovery (instead of recovery only).
- Go to Settings → Authentication policies:
- Edit both rules.
- In “Authentication methods”, select “Allow specific authentication methods” and enter “email.”
- Now, the policy requires: password + email.
Step-up verification may not appear unless you use an incognito/private browsing tab. I discovered this workaround here, so this could be a duplicate:
Okta forum link
- Sign out and try to sign in:
- After entering your password and submitting, you’ll receive a 403 Forbidden screen.
- URL error message:
The+resource+owner+or+authorization+server+denied+the+request. - Removing Okta Verify from the admin user’s methods does not help.
Additional Observations
- If, while editing the rules, you set “prompt for authentication method” to “after some time period” (e.g., a few hours), then upon signing out and in again, you’ll see a 401 Unauthorized error instead.
Impact
This error is preventing our organization from migrating to Okta Integrator.
There are no warnings indicating that enabling the email method will lock you out of the admin account.
It’s really frustrating. Is there a timeline for when this will be fixed?