Description

This article discusses potential causes of a broken Okta LDAP connection in Jamf Pro. The Jamf Pro Server logs show Okta error Code E0000004, which indicates that authorization failed.

An example log entry is shown below:

2026-03-03T18:18:35,058 [DEBUG] [Tomcat-206 ] [LDAPPoolFactory          ] - Error creating directory context in 490 milliseconds. javax.naming.AuthenticationException: [LDAP: error code 49 - Authentication failed : (Refer to Okta error Code E0000004)]

Cause 1: The credential entered in the LDAP Connection settings of Jamf Pro are incorrect.

Verify the correct credentials have been entered and that the account isn’t locked or disabled in Okta.

Cause 2: Okta is blocking the Jamf Pro IP Addresses.

We can verify this by checking the logs in Okta for the following error:

To resolve this:

Create a zone in Okta with the Jamf IP addresses: Security > Networks > Add Zone.
Note: We only need to add the IP address for the jamf_cloud_services entry associated to the region.
Next, add the Zone to ThreatInsight allow list: Security > General > ThreatInsight > Edit > Allowed Zones.

Jamf Pro and LDAP Server Information Synchronization

Jamf Pro SMTP Connection using MS Graph API - Common Error Messages

Unable to Send or Receive Emails Using SMTP (port 25)

Synchronizing Jamf School with Google Secure LDAP

Unable to Verify Okta Password - Jamf Connect Login 3.5 and later

Okta LDAP E0000004

Description

Cause 1: The credential entered in the LDAP Connection settings of Jamf Pro are incorrect.

Cause 2: Okta is blocking the Jamf Pro IP Addresses.