I received an error message such as “403 Access Forbidden” when attempting to log into EdPortal. What does it mean?
Okta has a security mechanism in place to protect against cyberattacks. When too many ‘pings’ come from a single IP address, Okta will lock down that IP address for a period of 24 hours from the last ‘ping’ (aka attempt to access) to block a potential cyberattack attempt. Many schools have a network setup that assigns the same IP address to all users, which means if one user locks it out then all users in that location are impacted. When a lockout occurs, Okta will give anyone trying to access EdPortal a 403 error when they attempt to log in and have that IP address.
What causes this lockdown?
- Someone in the school used the Forgot Password/Unlock Account function repeatedly.
- A teacher/staff member administering an assessment in a lab setting - using the same teacher’s login credentials repeatedly on multiple computers.
How do we unlock Okta?
The short answer is: you can’t. Neither the school nor the state teams can unlock the IP address - the 24 hour time must run out without any additional attempts to log in from anyone at that location/IP address.
Workaround: If you can jump onto a different network, such as a hotspot, then you should be able to log in successfully. For those encountering the lockout when administering FastBridge assessments, you can export the list of student usernames and passwords to log in for each student individually on the FastBridge site rather than logging in repeatedly with your own account via Okta.
Note: The lockout is for 24 hours from the last time anyone from that IP address attempted to access EdPortal, NOT from the time that it first locked out. Example: At 1pm Betty Sue tries to retrieve her password multiple times because she’s not seeing the confirmation email and Okta locks down the IP. Melvin is working in the same office but doesn’t know this and tries unsuccessfully to login to EdPortal at 3pm. The system will unlock 24 hours from 3pm when Melvin last tried to log in, not from when Betty Sue triggered the lockout.
How to avoid an IP lockout
When attempting to retrieve your password, use the Forgot Password/Unlock Account function only once. If you do not receive the email, even in your spam folder, do not repeat the process. Stop and contact the state Okta support team by submitting a ticket or call (515) 281-5703 or 800-532-1174.
For FastBridge screening, use the student logins for computer administered assessments. You can export the list of student usernames and passwords from FastBridge. Use that information to log in to each student’s computer on the FastBridge site, which does not go through Okta security. See: Getting a list of student usernames and passwords.