Skip to main content

OKTA050 - Failed to Get Okta Network Zone

Agent error code #OKTA050 indicates that the agent could not retrieve the configured network zone from Okta. The request reached Okta and authenticated successfully, but Okta returned an unexpected status (other than the 404 case covered by #OKTA052).

Common causes include:

  • A 5xx error from Okta during a transient service issue
  • A 400 error because the Network Zone ID in Knocknoc is not a valid Okta ID
  • A response Okta cannot serialise (extremely rare, indicates a corrupted zone)

Steps to Resolve

Verify the Network Zone ID

  1. In the Knocknoc admin interface, open the backend configuration for the affected Okta Knoc
  2. Confirm the Network Zone ID matches the value Okta shows for the zone. Network-zone IDs start with nzo followed by an opaque string
  3. If unsure, look up the ID in the Okta admin console under Security > Networks. Open the zone and copy the ID from the browser URL

For the full setup, see the Okta setup guide.

Retry After Investigating Okta Status

If the ID is correct and the underlying error in the agent logs mentions a 5xx response, check the Okta Trust page. Transient 5xx errors during a service incident resolve themselves.

Recreate the Network Zone

If the existing zone appears corrupted (for example, Okta returns it with unexpected fields), it is safest to delete and recreate it:

  1. In the Okta admin console, navigate to Security > Networks
  2. Delete the affected zone (first remove any Sign-On policy or app-condition references)
  3. Create a new IP zone with a sentinel gateway like 192.0.2.0/32 so it is not empty on creation
  4. Copy the new ID into the Knocknoc backend configuration

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top