This guide applies to Mac computers
About Passport Troubleshooting with Okta
Passport troubleshooting with Okta involves resolving authentication issues that occur when using Passport with Okta as your Identity Provider (IdP). This guide helps identify and resolve common configuration and authentication problems specific to Okta integration.
How It Works
When Passport authentication issues occur with Okta, troubleshooting involves checking Okta application settings, verifying OIDC configuration, examining authentication flows, and resolving configuration mismatches between Passport and your Okta tenant.
Login, Diagnostics, and Network
Sign in with the full email address
At the Passport login window, always enter the user’s full email address in the username field so the session uses your IdP instead of local authentication. For how the login window and visibility settings interact with Passport, see Passport Compatibility.
Use Passport Diagnostics
If a user cannot sign in, open Iru Endpoint Passport Diagnostics with Command-Shift-K-L on the Mac. The panel surfaces useful detail, including error messages returned from your IdP.
Confirm network connectivity
Passport must reach Okta to validate credentials. When you customize the Passport login window, enable the network manager so users can join Wi-Fi if needed. The control respects AirPort security settings in macOS.
Wi-Fi limits and isolation testing
Passport shows a Wi-Fi icon at the upper-right of the login window; users can click it to join a password-protected network. Passport does not support captive portals, click-through acceptance pages, or enterprise 802.1X networks that require a separate username and password in that flow. To isolate network issues, try a mobile hotspot or wired Ethernet while testing at the Passport login window.
Common Okta errors
To look up Okta API error codes, see Okta API Error Codes on the Okta developer site.
POST token 401: Invalid user credentials
What you see:
"error":"Unauthorized","error_description":"Authentication Failed: Invalid user credentials"
What to do:
- Confirm the username and password with your IdP. This response usually means the credentials do not match what Okta expects.
- If the GET request to your OIDC well-known openid-configuration URL returns 200, the Identity provider URL and Client ID in the Passport Library Item are typically reaching Okta correctly. In Okta, the same value may appear as Application ID.
POST token 403: User cannot access the Passport app
What you see:
"error":"access_denied","error_description":"End-user does not have access to this application"
What to do:
- In Okta, confirm the user or group is assigned to the Passport OIDC application and that sign-on rules allow access.
- If the GET request to your OIDC well-known openid-configuration URL returns 200, the Identity provider URL and Client ID in the Passport Library Item are typically reaching Okta correctly. In Okta, the same value may appear as Application ID.
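The checks in the two error sections above can be combined into one triage helper. This is an added example, not Iru or Okta code: the function names are hypothetical, and it assumes the Identity provider URL is the OIDC issuer, so the discovery document sits at the standard /.well-known/openid-configuration path. The branch for a non-200 discovery response is an inference, since the guide only describes the 200 case.

```shell
#!/bin/sh
# Added example: triage for the two Okta token errors described above.
# Function names are hypothetical; inputs are read from Passport Diagnostics.

# Standard OIDC discovery path appended to the issuer (assumed to be the
# "Identity provider URL" in the Passport Library Item).
wellknown_url() {
  printf '%s/.well-known/openid-configuration\n' "${1%/}"
}

# HTTP status of the discovery GET; needs network access, not run on load.
discovery_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$(wellknown_url "$1")"
}

# Extract one string field from an error body. Works on full JSON and on
# the brace-less fragment shown in Diagnostics.
json_field() {
  printf '%s' "$2" |
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# triage DISCOVERY_STATUS TOKEN_STATUS TOKEN_BODY
triage() {
  disc=$1
  status=$2
  err=$(json_field error "$3")
  if [ "$disc" != "200" ]; then
    # Assumption: the page only describes the 200 case; anything else
    # means the configured values are not confirmed to reach Okta.
    echo "config: discovery GET returned $disc, recheck Identity provider URL and Client ID"
    return 0
  fi
  case "$status:$err" in
    401:Unauthorized)
      echo "credentials: confirm the username and password with your IdP" ;;
    403:access_denied)
      echo "assignment: assign the user or group to the Passport OIDC app and check sign-on rules" ;;
    *)
      echo "other: $status ${err:-no error field}, look up the code in Okta API Error Codes" ;;
  esac
}

# Constructed usage: triage "$(discovery_status https://example.okta.com)" 401 "$body"
```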