Authentication and On-Demand MFA API Error Codes

The Authentication and On-Demand Multifactor Authentication (MFA) APIs for identity domains in IAM provide error codes and descriptive messages when errors occur.

This table lists the authentication error codes that the Authentication and On-Demand MFA APIs respond with when errors occur.

Error Code

Error Message
AUTH-3001

You entered an incorrect username or password.

AUTH-3002

Your account is locked. Contact your system administrator.

AUTH-3003

Your account is deactivated. Contact your system administrator.

AUTH-3004

Your password is expired.

AUTH-3005

You must change your password.

AUTH-3006

A system error has occurred in identity domains. Contact your system administrator.

AUTH-3007

The username that you entered is invalid. Contact your system administrator.

AUTH-3008

Invalid token. Contact your system administrator.

AUTH-3009

Token expired. Contact your system administrator.

AUTH-3010

Identity domains can't authenticate the user account. Contact your system administrator.

AUTH-3011

There's a problem with the identity domains server. Contact your system administrator.

AUTH-3012

A federated user can't perform local authentication.

AUTH-3013

The logout URL {0} is invalid.

AUTH-3014

Token has no subject.

AUTH-3015

Token has no issuer.

AUTH-3016

Token has invalid issue time.

AUTH-3017

Token has no expiry time.

AUTH-3018

User not found.

AUTH-3019

Token has no issue time.

AUTH-3020

The Subject claim doesn't match the Issuer claim.

AUTH-3021

The Identity Provider name is either blank or incorrect in the request.

AUTH-3022

No identity provider is configured.

AUTH-3023

The credentials that you entered don't match the existing user session.

AUTH-3024

You aren't authorized to access the app. Contact your system administrator.

AUTH-3025

Your account isn't activated. To activate your account, click the link in the activation email that was sent to your email address.

AUTH-3026

Invalid login request. The request wasn't initiated using a supported protocol channel.

AUTH-3028

Identity domains can't authenticate the user account. Contact your system administrator.

AUTH-3029

MFA is enabled for the user. The user must provide a second factor of authentication in addition to password authentication.

AUTH-3030

Tenant has Multifactor Authentication (MFA) enabled. Use MFA for all users of this tenant.

AUTH-3031

User has Multifactor Authentication (MFA) enabled. Use MFA for this user.

AUTH-3032

The user is already logged in.

AUTH-3033

The sign-on policy prevents the user {0} from accessing applications protected by identity domains because: {1}.

AUTH-3034

You configured an invalid error URL.

AUTH-1001

Invalid request. The required parameter '{0}' is missing from the request.

AUTH-1002

The {0} authentication factor is not supported or enabled.

AUTH-1003

Your request to enroll failed because: {0}. Contact your system administrator.

AUTH-1004

Enrollment initiation request failed because: {0}.

AUTH-1005

You are enrolled in the maximum number of 2-Step Verification methods that are allowed.

AUTH-1006

Authentication initiation request failed because {0}.

AUTH-1007

Authentication failed.

AUTH-1008

Couldn't validate security questions because: {0}.

AUTH-1009

Couldn't update security questions because: {0}.

AUTH-1010

Your account is locked. Contact your system administrator.

AUTH-1011

No MFA factors are enabled for this domain.

AUTH-1012

System error.

AUTH-1013

You are not authorized to use 2-Step Verification. Contact your system administrator.

AUTH-1014

The device with ID {1} is not found. Contact your system administrator.

AUTH-1015

User has not selected any security questions.

AUTH-1016

You can't skip enrollment. 2-Step Verification is required.

AUTH-1017

Your 2-Step Verification methods are no longer valid. Contact your system administrator.

AUTH-1018

The ""{0}"" security question hasn't been enabled for user enrollment. Please contact your system administrator.

AUTH-1020

You've already provided this answer for another security question. Please specify a different answer for this question.

AUTH-1021

The answer to the ""{0}"" security question must have at least {1} characters.

AUTH-1022

You must set up {0} security questions to use the Security Questions feature.

AUTH-1023

The hint can't be the same as the answer of a security question.

AUTH-1024

You can select a security question only once.

AUTH-1026

You have entered the wrong answer.

AUTH-1027

You have exceeded the maximum number of 2-Step Verification attempts. Reset your password to unlock your account.

Contact your system administrator if you can't reset your password.

AUTH-1028

You have exceeded the maximum number of 2-Step Verification attempts. Contact your system administrator to unlock your account.

AUTH-1029

Resetting factors cannot be supported if enrollment type is Required.

AUTH-1030

Your phone number {0} is not valid.

AUTH-1031

The phone number {0} is already enrolled for the user.

AUTH-1032

The device status is not valid.

AUTH-1033

Payload error. Either the payload in the request is null, or the payload couldn't be parsed.

AUTH-1034

You are not authorized to perform this action.

AUTH-1035

You have already enrolled in 2-Step Verification. Register for additional factors using the administrative console.

AUTH-1036

Session is no longer valid. Close the browser and log in again.

AUTH-1037

You must set {0} security questions.

AUTH-1038

Please provide your answer for the ""{0}"" security question.

AUTH-1039

The ID of the {0} security question isn't valid.

AUTH-1040

You must answer {0} security questions.

AUTH-1041

Your answer to the ""{0}"" security question can't exceed {1} characters.

AUTH-1042

Your hint to the ""{0}"" security question can't exceed {1} characters.

AUTH-1100

The SMS authentication factor is not enabled.

AUTH-1101

The PUSH authentication factor is not enabled.

AUTH-1102

The OTP authentication factor is not enabled.

AUTH-1103

The Security Questions authentication factor is not enabled.

AUTH-1104

The Bypass Code authentication factor is not enabled.

AUTH-1105

Invalid passcode.

AUTH-1106

Unable to process the request at this time. Use a backup verification method.

AUTH-1107

Pull notification channel has not been enabled for your tenant.

AUTH-1108

Push Notification approval is pending.

AUTH-1109

Enrollment in the One-Time Passcode authentication method is pending verification.

AUTH-1110

The authentication token has expired.

AUTH-1111

The request provided is invalid. Please look at the error message for validation error details.

AUTH-1112

Unexpected error encountered while processing the request.

AUTH-1113

An authentication factor must be provided while configuring a preferred device.

AUTH-1114

You must provide the deviceId when configuring {0} as the preferred authentication factor.

AUTH-1115

The authentication factor passed in the request is not supported. Supported factors are {0}.

AUTH-1116

The op passed in the request is not supported. Supported operations are {0}.

AUTH-1117

The requestState provided has expired. Please provide a valid requestState.

AUTH-1118

You provided an invalid appName. Verify that the App display name is correct.

AUTH-1119

The operation {0} isn't supported by the {1} endpoint. Use the {2} endpoint.

AUTH-1120

The requestState provided is either invalid or expired. Please provide a valid requestState.

AUTH-1121

You provided an invalid request JSON payload.

AUTH-1122

The application is not active.

AUTH-1123

An error occurred while logging in using social identity.