Problem

When an administrator attempts to log in to Okta, the following error appears:

“Roaming session detected for user Deny.”

Cause

By default, Okta enforces IP or ASN binding for administrator sessions. When administrators connect through a SASE solution such as Versa, their public IP address may change during the session. This change triggers Okta’s IP/ASN binding policy, which interprets it as a roaming session and denies access.

Solution

Okta provides guidance and configuration options to address this issue. Please refer to the following official Okta support articles:

• Roaming session detected for user (security session detect client roaming) (Click on this article from Okta) 

• Apply IP or ASN binding to the Admin Console (Click on this article from Okta)