Issue with Okta Integration in Zero Trust

I’m experiencing an intermittent issue with Okta integration with Access. I implemented this yesterday, following the Okta integration technote, and everything worked as expected. Today, when I attempt to access a resource protected by Access with Okta authentication, it is failing. I run Test for the integration under Settings | Authentication | Login Methods and I get:

Failed to get your identity
Looks like something went wrong. Here are the details.
OKTA ERROR: Failed to exchange code for token
{
"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "oae7pgSHFdVSZi8QxdbcA3IVw",
"errorCauses":
}

The strange thing is I get a successful connection about 30% of the time when I run the test. That leads me to believe it is not a permission issue.

Any idea how I can begin troubleshooting this issue?

I’d love to blame either one? Wait for one or the other to announce a service issue, otherwise really hard to tell. Cloudflare has shite diagnostics to view a response and Okta has questionable logging for inbound requests. Without support from one or another to look at the data… if it works sometimes, shmaybe an Okta issue? But I am not putting money on either side.

The issue turned out to be on the Okta side. One of the admins set location blocks in Okta, which caused the Okta authentication to fail. The interesting thing is the Cloudflare WARP IP was from the LAX data center, but Okta was detecting the IP as being located in Brazil. Incorrect geolocation detection in Okta was the root cause of the issue.


Thank you for the answer to that particular issue. Warp egress IP location can indeed be a fun challenge.
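An added example, not part of the original thread: one way to triage the geolocation mismatch described above is to group exported Okta System Log events by client IP and the country Okta resolved for it, then flag egress IPs that fail and geolocate outside the expected countries. It assumes events exported as JSON with the System Log fields `client.ipAddress`, `client.geographicalContext.country` and `outcome.result`; the sample events, IPs (documentation ranges) and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events (not real log data); IPs are RFC 5737 documentation addresses.
SAMPLE_EVENTS = json.loads("""[
 {"client": {"ipAddress": "192.0.2.10",
             "geographicalContext": {"country": "United States"}},
  "outcome": {"result": "SUCCESS"}},
 {"client": {"ipAddress": "198.51.100.7",
             "geographicalContext": {"country": "Brazil"}},
  "outcome": {"result": "DENY", "reason": "constructed example reason"}},
 {"client": {"ipAddress": "198.51.100.7",
             "geographicalContext": {"country": "Brazil"}},
  "outcome": {"result": "FAILURE"}},
 {"client": {"ipAddress": "192.0.2.10",
             "geographicalContext": {"country": "United States"}},
  "outcome": {"result": "ALLOW"}}
]""")

OK_RESULTS = {"SUCCESS", "ALLOW"}


def summarize_by_egress(events, expected_countries):
    """Count outcomes per (client IP, resolved country) and mark unexpected geolocation."""
    stats = defaultdict(lambda: {"ok": 0, "failed": 0})
    for ev in events:
        client = ev.get("client") or {}
        geo = client.get("geographicalContext") or {}
        key = (client.get("ipAddress") or "unknown", geo.get("country") or "unknown")
        result = (ev.get("outcome") or {}).get("result")
        stats[key]["ok" if result in OK_RESULTS else "failed"] += 1
    return [
        {"ip": ip, "country": country, "ok": c["ok"], "failed": c["failed"],
         "unexpected_geo": country not in expected_countries}
        for (ip, country), c in sorted(stats.items())
    ]


def suspect_ips(rows):
    """Egress IPs that both fail and resolve outside the expected countries."""
    return sorted({r["ip"] for r in rows if r["unexpected_geo"] and r["failed"] > 0})


if __name__ == "__main__":
    rows = summarize_by_egress(SAMPLE_EVENTS, {"United States"})
    for r in rows:
        print(r)
    print("check zone/geolocation for:", suspect_ips(rows))
```

A mix of passing and failing egress IPs in the output is consistent with an intermittent failure like the one reported, where only some requests arrive from an address the identity provider places in a blocked location.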