Skip to main content

OKTA005 - Okta API Rate Limit Exceeded

Agent error code #OKTA005 indicates that Okta rejected the request with HTTP 429 Too Many Requests. The agent has hit the per-org rate limit on the network-zones API.

Okta publishes its rate limits at Okta rate limits. The network-zones endpoint shares a bucket with the rest of org management, so heavy use elsewhere can also push Knocknoc over the line.

Common causes include:

  • A large number of users granting and revoking access in a short window (e.g. a mass-onboarding event)
  • Another tool in the org making frequent admin-API calls
  • Multiple Knocknoc agents pointed at the same Okta network zone

Steps to Resolve

Wait Out the Throttle

Okta returns a X-Rate-Limit-Reset header indicating when the bucket refills. The Knocknoc agent backs off automatically. If grants are not landing, wait a few minutes and confirm in the agent logs that the throttle has cleared.

Audit Other API Activity

  1. In the Okta admin console, navigate to Reports > System Log
  2. Filter by recent admin-API calls. Identify any automation making frequent updates and stagger it

Reduce Update Frequency

If a single network zone is being updated by multiple Knocknoc agents simultaneously, consider consolidating to a single agent. Knocknoc updates the zone's full gateway list on every grant/revoke, so concurrent updates compound the throttle pressure.

For the full setup, see the Okta setup guide.

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top