Problem

When an administrator attempts to log in to Okta, the following error appears:

“Roaming session detected for user Deny.”


Cause

By default, Okta enforces IP or ASN binding for administrator sessions. When administrators connect through a SASE solution such as Versa, their public IP address may change during the session. This change triggers Okta’s IP/ASN binding policy, which interprets it as a roaming session and denies access.


Solution

Okta provides guidance and configuration options to address this issue. Please refer to the following official Okta support articles: