Review:
1. Confirm the content is accurate

2. Confirm permissions - who owns the process (T0, T1, T2, T3)

2. Update name, tags and keywords

3. Improve the style


Behavior: User tries to sign in to Okta and receives an error message saying: "You do not have permission to perform the requested action."


The following information was found in the following article online:

https://support.okta.com/help/s/article/Why-is-user-receiving-error-You-do-not-have-permission-to-perform-the-requested-action-when-logging-into-Okta?language=en_US


CAUSE: Okta Threat Insight seems to think this user's IP address is trying the origin of possible malicious activity. This can be incorrect.


To Validate, follow these steps (Desktop Support can run these steps)


  1. Navigate to the Okta System Log under Reports >> System Log
  2. Search for any recent login activity associated with the impacted user 
  3. Take note of the client IP addresses associated with the recent login activity and note any consistent login failures. Tip: If there is a lot of activity from the user, it will be easier to download the System Logs to a CSV and filter by the IP Address(es) from there.
  4. Create a new System Log search using the following query for each IP address: actor.id eq "InsertIpAddressHere" and eventType eq "security.threat.detected" and outcome.result eq "DENY"

You can find the user's IP Address by doing the following:

1. Go to "Directory" and search for the user.

2. Click on the user to load their configuration

3. Click on "view logs" next to their name

4. Find the last successful login and look at their details to find their known IP address.


If you confirm that their IP Address was falsely flagged you can request their IP address be added to the "WhiteList". 


This request must go through Tier 2


Tier 2 Steps:

Following the directions specified in this document:

https://help.okta.com/en/prod/Content/Topics/Security/threat-insight/exempt-ip-zone-threatinsight.htm


1. Click on Security -> Networks

2. Scroll down to "ThreatInsight WhiteList" and click on the edit pencil.

3. Add the user's IP Address to the WhiteList.

4. Edit this document to log who's IP addresses were added to we can track it. (Until we get a better place)


The change can take around 5-10 minutes to be live.


24.69.245.7 - Amanda Harris (Added Jan 5 2021 by Jason)