Problem
When an administrator attempts to log in to Okta, the following error appears:
“Roaming session detected for user Deny.”
Cause
By default, Okta enforces IP or ASN binding for administrator sessions. When administrators connect through a SASE solution such as Versa, their public IP address may change during the session. This change triggers Okta’s IP/ASN binding policy, which interprets it as a roaming session and denies access.
Solution
Okta provides guidance and configuration options to address this issue. Please refer to the following official Okta support articles: