
OKTA053 - Okta Network Zone Is Not an IP Zone

Agent error code #OKTA053 indicates that the configured network zone exists, but its type is not IP. Knocknoc only manages IP zones. Dynamic zones (geolocation, ASN, anonymiser) and policy-network zones are not supported.

Common causes include:

  • The zone was created as a Dynamic Zone rather than an IP Zone in the Okta admin console
  • A dynamic zone was selected by mistake when configuring the Knocknoc backend
  • The zone was edited via the Okta API and its type was changed externally

Steps to Resolve

Confirm the Zone Type in Okta

  1. In the Okta admin console, navigate to Security > Networks
  2. Open the zone pointed at by the Knocknoc backend
  3. If the Zone type reads anything other than IP Zone, this is not a zone Knocknoc can manage

Create a Replacement IP Zone

  1. In Security > Networks, click Add Zone > IP Zone (not Dynamic Zone)
  2. Give it a name and add at least one sentinel gateway (e.g. 192.0.2.0/32) so that zone creation succeeds. Knocknoc replaces this list on the next grant
  3. Save, copy the new ID into the Knocknoc backend configuration, and remove the old dynamic-zone reference
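
The same zone-type check can be made against the Okta Zones API instead of the admin console. The script below is an added example, not Knocknoc's own code: it fetches a zone, reports whether its type is IP, and builds the request body for a replacement IP zone that carries the sentinel gateway. The environment variable names and the sample zone objects are assumptions constructed for illustration.

```python
import ipaddress
import json
import os
import urllib.parse
import urllib.request

SENTINEL = "192.0.2.0/32"  # sentinel gateway from the steps above

# Constructed sample zone objects, shaped like Okta Zones API responses.
SAMPLE_DYNAMIC = {"id": "nzoEXAMPLE0001", "name": "geo-block", "type": "DYNAMIC",
                  "status": "ACTIVE"}
SAMPLE_IP = {"id": "nzoEXAMPLE0002", "name": "knocknoc-grants", "type": "IP",
             "status": "ACTIVE",
             "gateways": [{"type": "CIDR", "value": SENTINEL}], "proxies": None}


def fetch_zone(org_url, token, zone_id):
    """GET /api/v1/zones/{id} with an Okta API token (SSWS scheme)."""
    url = f"{org_url.rstrip('/')}/api/v1/zones/{urllib.parse.quote(zone_id, safe='')}"
    req = urllib.request.Request(
        url, headers={"Authorization": f"SSWS {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_zone(zone):
    """Return (ok, message); ok is True only when the zone type is IP."""
    ztype, zid = zone.get("type"), zone.get("id")
    if ztype != "IP":
        return False, f"{zid}: type is {ztype!r}, not 'IP' (expect OKTA053)"
    gateways = [g["value"] for g in zone.get("gateways") or []]
    return True, f"{zid}: IP zone, current gateways {gateways}"


def replacement_ip_zone(name, sentinel=SENTINEL):
    """Build the body for POST /api/v1/zones that creates a replacement IP zone."""
    ipaddress.ip_network(sentinel)  # raises ValueError on a malformed CIDR
    return {"type": "IP", "name": name, "status": "ACTIVE",
            "gateways": [{"type": "CIDR", "value": sentinel}], "proxies": None}


if __name__ == "__main__":
    # OKTA_ORG_URL, OKTA_API_TOKEN and OKTA_ZONE_ID are assumed variable names.
    env = os.environ
    if all(k in env for k in ("OKTA_ORG_URL", "OKTA_API_TOKEN", "OKTA_ZONE_ID")):
        zones = [fetch_zone(env["OKTA_ORG_URL"], env["OKTA_API_TOKEN"], env["OKTA_ZONE_ID"])]
    else:
        zones = [SAMPLE_DYNAMIC, SAMPLE_IP]  # offline: use the constructed samples
    for z in zones:
        print(*check_zone(z))
```

A read-only API token is enough for the check; the replacement body is only constructed here, not sent.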

For the full setup, see the Okta setup guide.

Still Having Issues?

We can help you out. Contact us at support@knocknoc.io.