Policy Evaluation Error on Enterprise OIDC Connection

Problem statement

The following error is received:

access_denied error: “Policy evaluation failed for this request, please check the policy configurations.”

Cause

If the connection points at Okta as the IdP, this error indicates that the access policy for the client does not allow the requested scopes.

Solution

If the IdP targeted by the connection is Okta, this error indicates that the access policy configuration for the client does not allow the scopes the connection is requesting.

Either the IdP's admins need to update the access policy, or the OIDC connection's scopes must be changed to align with the access policy.
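
A small diagnostic for choosing between those two fixes, added here as an illustration and not part of the original article or any vendor tooling: it confirms that a callback carries this error, then lists which of the connection's requested scopes each access policy rule does not allow. The URLs, client ID, rule names and the rule dictionary shape are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (not from a real tenant).
AUTHORIZE_URL = ("https://idp.example.com/authorize?client_id=EXAMPLE_CLIENT"
                 "&response_type=code&scope=openid+profile+email+groups")
CALLBACK_URL = ("https://sp.example.com/callback?error=access_denied"
                "&error_description=Policy+evaluation+failed+for+this+request"
                "%2C+please+check+the+policy+configurations.")
# Assumed shape: scopes each access policy rule allows, copied by hand from
# the IdP admin console. "*" is treated here as "any scope".
RULES = [
    {"name": "Service rule", "scopes": ["openid"]},
    {"name": "Default rule", "scopes": ["openid", "profile", "email"]},
]

def _param(url, key):
    """First value of a query parameter, or '' when absent."""
    return parse_qs(urlsplit(url).query).get(key, [""])[0]

def is_policy_evaluation_error(callback_url):
    """True when the callback carries the error this article describes."""
    return (_param(callback_url, "error") == "access_denied"
            and "Policy evaluation failed" in _param(callback_url, "error_description"))

def requested_scopes(authorize_url):
    """Scopes the connection asked for (space-delimited 'scope' parameter)."""
    return set(_param(authorize_url, "scope").split())

def disallowed_by_rule(requested, rules):
    """Rule name -> requested scopes that rule does not allow."""
    out = {}
    for rule in rules:
        allowed = set(rule["scopes"])
        out[rule["name"]] = set() if "*" in allowed else requested - allowed
    return out

def diagnose(callback_url, authorize_url, rules):
    """Report the rule closest to the request and the scopes that block it."""
    if not is_policy_evaluation_error(callback_url):
        return None  # not the error this article covers
    requested = requested_scopes(authorize_url)
    gaps = disallowed_by_rule(requested, rules)
    closest = min(gaps, key=lambda name: len(gaps[name]))
    return {"closest_rule": closest,
            "scopes_not_allowed": sorted(gaps[closest]),
            "scopes_allowed": sorted(requested - gaps[closest])}

if __name__ == "__main__":
    print(diagnose(CALLBACK_URL, AUTHORIZE_URL, RULES))
```

The `scopes_not_allowed` list is what either has to be added to the access policy by the IdP's admins or dropped from the connection's scopes.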
