Okta MFA policy results in 401 #1149
Comments
You need to check your Global Sessions Policy. If it is asking for an MFA requirement you will get a 401. We ran into this issue as well.
Thanks for the suggestion. Our Global Sessions Policy was already not enforcing MFA, so I'm not sure why AWS is still giving such trouble here.
What I would do is go to Reports --> Access Testing Tool in the Admin console and test for a user experiencing the issues, then hit list view and see all the policies they are hitting. The issue is in there somewhere.
Just got the same issue today for our AWS users.
Had to reroute users to use Browser flow
Hey all, looking for some advice/guidance on successfully requiring MFA (Okta Verify, either push or TOTP) on every saml2aws login.
I am able to use saml2aws to authenticate to Okta when our app authentication policy for AWS is set to just password.
However, when the authentication policy is set to "any two factor", saml2aws throws an error after the user specifies their password.
Error authenticating to IdP.: error retrieving auth response: request for url: https://{org}.okta.com/api/v1/authn failed status: 401 Unauthorized
Is there a certain way to configure the authentication policy within Okta?