Okta Sign On Error Message Customizations

With the growth of Adaptive MFA use cases and the many combinations of posture signals evaluated when signing in to a resource, organisations need to customize the messages shown to their end users to provide context and reduce friction in the login experience.

Keep in mind that, for security reasons, we may not want to give too much detail about the error, as we do not want to compromise our organisation's access security by giving hints to an attacker. We recommend finding the right balance.

In this article I will take you through, step by step, how to achieve this.

First of all, you will need to know which error message you would like to customize. The full public list of Okta error codes is at this link:

https://developer.okta.com/docs/reference/error-codes/

Now that you have identified your error code, go to your Okta Admin Console, look for the Customizations section, then click Sign-in page code editor:

Here is the code you need to add in order to customize the error message:

// Set the widget language
config.language = 'en';
config['i18n'] = {
  // Overriding English properties
  'en': {
    // Key format: errors.<Okta error code>
    'errors.E0000006': 'Access Denied: One or more device security requirements is missing. Please contact internal support for any questions.'
  }
};

In this case we are addressing the access-denied message, which corresponds to device posture errors, such as when the device isn't managed or a device security signal isn't met.
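An extension of the snippet above to several languages, as an added example that is not part of the original article or Okta's own code: assigning config['i18n'] directly replaces any overrides already set, so the hypothetical helper mergeErrorOverrides merges instead, checks each key against the errors.E0000006 format, and warns when a message matches a constructed list of over-specific words. The config object, the E0000004 entry and the French text are constructed stand-ins.

```javascript
// Added example (not Okta's code). `config` is a plain-object stand-in for the
// widget config edited in the Sign-in page code editor.
const ERROR_KEY = /^errors\.E\d{7}$/; // same shape as errors.E0000006

// Constructed word list: terms that would tell an attacker which check failed.
const TOO_SPECIFIC = [/jailbr/i, /rooted/i, /encrypt/i, /unmanaged/i];

// Hypothetical helper: merge per-language error overrides into config.i18n
// without discarding overrides that are already there. Returns warnings.
function mergeErrorOverrides(config, overridesByLang) {
  const i18n = Object.assign({}, config.i18n);
  const warnings = [];
  for (const [lang, messages] of Object.entries(overridesByLang)) {
    const merged = Object.assign({}, i18n[lang]);
    for (const [key, text] of Object.entries(messages)) {
      if (!ERROR_KEY.test(key)) {
        throw new Error(`Not an error-code key: ${key}`);
      }
      if (typeof text !== 'string' || text.trim() === '') {
        throw new Error(`Empty message for ${lang}/${key}`);
      }
      if (TOO_SPECIFIC.some((re) => re.test(text))) {
        warnings.push(`${lang}/${key}: message may reveal the failed check`);
      }
      merged[key] = text;
    }
    i18n[lang] = merged;
  }
  config.i18n = i18n;
  return warnings;
}

// Constructed sample: an existing override plus the article's message.
const sampleConfig = {
  language: 'en',
  i18n: { en: { 'errors.E0000004': 'Unable to sign in.' } },
};
const sampleWarnings = mergeErrorOverrides(sampleConfig, {
  en: { 'errors.E0000006': 'Access Denied: One or more device security requirements is missing. Please contact internal support for any questions.' },
  fr: { 'errors.E0000006': "Accès refusé : une ou plusieurs exigences de sécurité de l'appareil ne sont pas respectées. Contactez le support interne." },
});
console.log(sampleConfig.i18n, sampleWarnings);
```

A non-empty return value is a prompt to reword the message before publishing the page, in line with the balance recommended earlier.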

Credits:

Special Credit to Sathish Balasubramaniyan on this.
