When attempting to use single sign-on (SSO) with Okta, some users may encounter a 400 error. This error indicates that the request made to the Okta service is invalid. One potential cause for this error is attempting to log in with a domain that has not been validated in Okta.
Users may observe the following symptoms when experiencing an Okta 400 error:
Upon initiating the SSO process, the browser displays a 400 Bad Request error page.
The SSO flow fails to complete, preventing users from accessing the desired application or service.
A common cause for receiving an Okta 400 error during SSO is attempting to authenticate with a domain that has not been verified in Okta. Okta requires the explicit validation of each domain used for SSO to ensure the security and integrity of the authentication process. When a domain is not properly validated, Okta rejects the request, resulting in the 400 error.
To resolve the Okta 400 error caused by an unvalidated domain, follow the steps below:
Log in to Flexera One
Navigate to Administration > Identity Providers > Domains
Click on ‘Add a Domain’ and follow the prompts
Save the changes to the identity provider settings.
Test the SSO process again to verify if the issue has been resolved.
If the issue persists or you encounter any other errors, please reach out to the Flexera Technical Support team for further assistance. Provide them with detailed information about the steps you've taken and any error messages received, as this will help expedite the troubleshooting process.
To avoid encountering the Okta 400 error due to an unvalidated domain in the future, it is important to validate any new domains before attempting to use them for SSO.