After upgrading to Helsinki, customers are unable to log into Express instances using Okta.

Steps to Reproduce 

  1. Activate the Okta plugin pre-upgrade.

  2. Set up Okta provisioning to include the users' passwords in ServiceNow.

  3. Confirm that users are able to use their Okta password using the ServiceNow local login.

  4. Wait until the Okta API token expires (30 days).

  5. Upgrade to Helsinki.

  6. Try to log in to ServiceNow using the Okta password with the local login.

    An Invalid username error occurs.

  7. Log in as a local user (admin) that is not associated with Okta.

  8. Navigate to Okta Plugin Properties, deactivate Enable OKTA external authentication, and click Save.

  9. Re-enable Enable Okta external authentication.

    Notice the error Invalid API Token.

  10. Renew the Okta API token and update the token in ServiceNow.

  11. Re-enable Enable OKTA external authentication.

  12. Test the login as in step 6.

    Note that the login is successful.

    Prior to the upgrade, the token was not validated with Okta. Post-upgrade, it gets validated to log users in.




  1. Disable Okta in the instance.

  2. Re-generate the Okta token on the Okta server.

  3. Set the new Okta token on the instance.

  4. Re-enable Okta.

Related Problem: PRB704082

Seen In

Geneva Patch 1 Hot Fix 8
Helsinki Patch 1

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-05-21 11:33:47