Skip to content
Latchkey

Okta "E0000004 Authentication failed" in CI

Okta returned E0000004 "Authentication failed" from the /api/v1/authn primary authentication call because the username or password for the CI test user was wrong. Okta does not distinguish the two, by design.

What this error means

A login test against Okta returns 401 with "errorCode":"E0000004","errorSummary":"Authentication failed". The seeded test user credentials do not match the org.

Okta
HTTP/1.1 401 Unauthorized

{"errorCode":"E0000004","errorSummary":"Authentication failed","errorLink":"E0000004","errorId":"oae...","errorCauses":[]}

Common causes

Wrong test user credentials

The username or password for the CI user is wrong or was never set to the value the test uses.

The user is not active in this org

A staged or deactivated user cannot complete primary authentication.

How to fix it

Seed and use a valid active user

  1. Provision an active test user with a known password in the CI org.
  2. Store the credentials as CI secrets.
  3. Send them to /api/v1/authn exactly as stored.
Terminal
curl -s -X POST "https://$OKTA_ORG.okta.com/api/v1/authn" \
  -H "Content-Type: application/json" \
  -d '{"username":"'$OKTA_USER'","password":"'$OKTA_PASS'"}'

Confirm the user is active

Ensure the test user status is ACTIVE, not STAGED or SUSPENDED, before running login tests.

How to prevent it

  • Provision active test users with known passwords for CI.
  • Keep credentials in CI secrets, not in the test code.
  • Assert user status is ACTIVE during setup.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →