492 User Access Forbidden

The HTTP 492 User Access Forbidden status code is an unofficial client error specific to Akamai Enterprise Application Access (EAA), returned when a user who passed Authentication lacks authorization to access the requested application.

Table of Contents

Usage

Akamai EAA returns 492 after the user has successfully authenticated through the identity provider (IdP) but the access policy denies the request. The user's group membership or access rules configured in EAA do not grant permission to reach the target application.

For TCP and tunnel-type applications, 492 also appears when recent configuration changes have not yet deployed to the EAA Client running on the user's device. The client periodically syncs its configuration. Until the sync completes, the old policy remains in effect and blocks newly granted access.

The response originates from the Akamai data point-of-presence (POP), which enforces authorization decisions before forwarding requests to the enterprise connector. The application server behind the connector never receives the request.

SEO impact

Search engines like Google will not index a URL with 492 response status, and consequently, URLs indexed in the past returning this HTTP status code will be removed from search results.

Example

A client requests an internal application through EAA. The data POP verifies the user's identity but determines the user is not assigned to the application's access group.

Request

GET /internal/dashboard HTTP/1.1
Host: app.example.re
Cookie: akamai_eaa_session=eyJhbGciOiJSUzI1...

Response

HTTP/1.1 492 User Access Forbidden
Content-Type: text/html
X-Akamai-Error-Code: 492

<html>
<head><title>User Access Forbidden</title></head>
<body>
<h1>492 User Access Forbidden</h1>
<p>Access denied. Contact the administrator
for access.</p>
</body>
</html>

How to fix

Verify the user belongs to a directory group assigned to the application in the EAA management portal. Open Application > Access and confirm the group mapping includes the affected user's group.

Check the access rules configured for the application. EAA evaluates rules in order, and an explicit deny rule matching the user's attributes blocks access even when a broader allow rule exists.

For TCP and tunnel applications, force the EAA Client to refresh its configuration. Restarting the client triggers an immediate sync with the management POP, pulling the latest access policies.

Review the EAA admin activity log to confirm the latest deployment completed successfully. A pending or failed deployment leaves the previous policy active on the data POP.

Takeaway

The 492 User Access Forbidden status code is an unofficial client error specific to Akamai EAA, returned when the user is authenticated but not authorized to access the application. Fixing the error requires verifying group assignments and access rules in the EAA management portal.

See also

Last updated: March 6, 2026