← Back to blog
· 13 min

Not Authorized Message: What It Means, Why It Happens, and How to Fix It

A not authorized message means the system recognizes that an action is being attempted, but the account, session, permission, token, or connection does not currently have the right access to complete...

Not Authorized Message: What It Means, Why It Happens, and How to Fix It

Author: Saylink

A not authorized message means the system recognizes that an action is being attempted, but the account, session, permission, token, or connection does not currently have the right access to complete it. In plain English: the platform is saying, “This request is not allowed with the access currently available.”

For your business, that message can show up in a few places: when signing in, connecting a LinkedIn account, using an automation tool, accessing a dashboard, sending a message, or trying to trigger a comment-to-DM workflow. It is not always a sign that something is broken. Often, it means a permission expired, an account role changed, a browser session is stale, or a connected integration needs to be reauthorized.

If your business relies on LinkedIn lead capture, especially comment-to-DM automation, a not authorized message matters because it can stop a lead flow at the exact moment someone is engaging with your content. The good news: most authorization issues are fixable with a structured check of account access, permissions, sessions, and integration status.

What does a not authorized message mean?

A not authorized message appears when a user or app tries to perform an action without the necessary permission.

It is related to access control. The platform may know who the user is, but it does not allow the requested action. That is the key difference between authentication and authorization:

  • Authentication answers: “Who are you?”
  • Authorization answers: “Are you allowed to do this?”

For example, someone may successfully log in to a tool, meaning authentication worked. But if that person tries to connect a LinkedIn page, send a message, access a workspace, or manage another user’s automation without the required role, authorization can fail.

That is when a not authorized message appears.

In day-to-day use, the message can mean:

  • The account does not have the right role
  • The LinkedIn connection has expired
  • The browser session is outdated
  • The integration token is invalid
  • The user is trying to access the wrong workspace
  • A security rule is blocking the action
  • The platform requires the account to reconnect through a hosted OAuth layer
  • The connected LinkedIn account was removed, restricted, or changed

The wording can vary. Some tools say “not authorized.” Others say “unauthorized,” “access denied,” “permission denied,” “you do not have access,” or “connection expired.” The underlying idea is usually the same: the action cannot continue until access is restored.

Why a not authorized message happens

A not authorized message is frustrating because it often appears without much explanation. But most cases fall into a few common categories.

1. The account is logged in, but lacks permission

This is one of the most common causes. A user may be logged into a platform but not have the correct permission level.

For example, your business may have several people working on LinkedIn campaigns. One person may own the workspace, another may manage content, and another may only view reports. If the viewer tries to edit an automation or connect a LinkedIn account, the platform may return a not authorized message.

This can also happen when someone is using the wrong account. If a person has both a personal login and a company login, the browser may automatically use the wrong session.

2. The LinkedIn connection needs to be refreshed

LinkedIn-related tools often rely on a secure connection between the user account and the software. If that connection expires or becomes invalid, the system may not be able to perform actions on behalf of the user.

With a first-party LinkedIn integration or hosted OAuth layer, authorization depends on the user granting access through the official login and permission process. If that authorization expires, is revoked, or gets interrupted, the connected tool may show a not authorized message.

This does not necessarily mean the tool is down. It may simply mean the LinkedIn account needs to be reconnected.

3. The browser session is stale

Sometimes the issue is local. A stale browser session can cause the app to think the user is not authorized, even if the account itself is fine.

This can happen after:

  • Staying logged in for a long time
  • Switching between multiple accounts
  • Changing passwords
  • Updating security settings
  • Using several browser tabs
  • Blocking cookies
  • Using strict privacy settings
  • Logging in through a password manager that selects the wrong account

A simple logout and fresh login can often solve this version of the problem.

4. The user is in the wrong workspace or account

Many software tools support multiple workspaces, organizations, or client accounts. A user may have access to one workspace but not another.

For agencies, consultants, and internal marketing teams, this is easy to miss. Someone may be looking at the wrong client workspace and attempting to open an automation that belongs elsewhere.

When this happens, the not authorized message is doing its job. It prevents one workspace from accessing another workspace’s assets.

5. A password or security setting changed

Security changes can invalidate existing sessions and connected apps.

A not authorized message may appear after:

  • A LinkedIn password change
  • Two-factor authentication updates
  • A company SSO policy change
  • A user role update
  • Account recovery
  • Admin permission changes
  • Revoked third-party access

If your business recently tightened security or changed account ownership, connected automations may need to be reviewed.

6. The platform blocked an action for compliance reasons

Some systems prevent actions that appear unsafe, unsupported, or outside the tool’s permission model. This is especially relevant in automation.

Responsible LinkedIn automation should be narrow, permission-aware, and built around clear user intent. For example, Saylink focuses on a single-trigger, single-action workflow: someone comments on a LinkedIn post, then receives a LinkedIn DM tied to that trigger. It is designed around the same comment-to-DM idea that made ManyChat popular on other channels, but Saylink is LinkedIn-exclusive.

If a requested action falls outside what a platform supports, the system may reject it with an authorization-style error.

Not authorized message vs unauthorized message

“Not authorized” and “unauthorized” are often used interchangeably, but there can be a small technical distinction.

A 401 unauthorized error usually means the system cannot verify valid credentials. In other words, the user may not be properly authenticated.

A 403 forbidden error usually means the system knows who the user is, but the user does not have permission to perform the action.

However, many apps simplify these terms for users. Instead of showing “401” or “403,” they may display “not authorized message” or “you are not authorized.”

For most business users, the fix is similar: confirm the correct account, refresh the session, check permissions, and reconnect the integration if needed.

How to fix a not authorized message

The fastest way to fix a not authorized message is to move from simple checks to deeper permission checks. Start with the basics before assuming the problem is technical.

Step 1: Confirm the correct account is being used

First, check whether the user is logged into the intended account.

This matters because browsers often keep multiple sessions alive. A person may be logged into the wrong Google account, wrong LinkedIn account, or wrong workspace without realizing it.

Check:

  • The email address shown in the app
  • The LinkedIn profile currently connected
  • The active workspace or organization
  • Whether the user has multiple accounts open in different tabs
  • Whether the browser auto-filled the wrong login

If there is any doubt, log out completely and sign in again.

Step 2: Refresh the browser session

A stale session can produce authorization errors even when permissions are correct.

Try this sequence:

  1. Log out of the app
  2. Close extra tabs
  3. Clear site cookies for the affected app, if needed
  4. Open a fresh browser window
  5. Log in again
  6. Repeat the action

If the issue disappears, the problem was likely session-related.

For teams, it can also help to test in another browser. If the action works in Chrome but not Safari, or works in a private window but not a normal one, the issue may be local browser storage, extensions, or cookie settings.

Step 3: Check user role and workspace access

If the user is inside a business tool, check role permissions. Not every user should be able to connect accounts, edit automations, manage billing, or change workspace settings.

Look for role differences such as:

  • Owner
  • Admin
  • Manager
  • Editor
  • Viewer
  • Client user

If a user needs to reconnect LinkedIn or manage a campaign, they may need admin-level access. If the business uses multiple workspaces, confirm the user has access to the specific workspace where the automation lives.

Step 4: Reconnect LinkedIn through the hosted OAuth layer

For LinkedIn workflows, the most important fix is often reconnecting the LinkedIn account.

If a first-party LinkedIn integration uses a hosted OAuth layer, the user must approve access through the proper authorization flow. If that connection expires or is revoked, the automation may not be allowed to send the triggered DM.

A clean reconnection can solve issues caused by:

  • Expired authorization
  • Changed LinkedIn credentials
  • Revoked app access
  • Account security updates
  • Interrupted permission grants
  • Changed account ownership

The key is to reconnect the same LinkedIn account that owns or manages the campaign. If the wrong profile is connected, the system may still show authorization issues.

Step 5: Review recent changes

When a not authorized message appears suddenly, something usually changed.

Ask whether any of these happened recently:

  • A user changed their password
  • A LinkedIn account was switched
  • An admin removed access
  • A billing or plan setting changed
  • A browser extension was installed
  • Security settings were updated
  • A team member left the company
  • The campaign owner changed roles
  • The account was disconnected and reconnected

This kind of timeline often reveals the cause quickly.

Step 6: Check whether the action is supported

Sometimes the message appears because the user is trying to do something the platform does not support.

This is especially important when comparing automation tools. ManyChat is widely known for comment-to-DM workflows on supported social channels, but ManyChat does not support LinkedIn. That creates confusion for marketers searching for a “ManyChat alternative” for LinkedIn.

Saylink is positioned differently: it is like ManyChat for LinkedIn in the specific sense that it supports a comment-to-DM trigger, but it is LinkedIn-exclusive. The model is intentionally simple: one trigger, one action. A person comments on a LinkedIn post, and the system sends the configured DM.

That means if your business expects complex visual flows, multi-step sequences, conditional branching, or a chatbot-style interface, that is not the authorization issue to solve. It is a platform-fit issue. Saylink is built for focused LinkedIn comment-to-DM lead capture, not broad chatbot automation across multiple channels.

Not authorized message in LinkedIn comment-to-DM automation

A not authorized message can have a direct impact on LinkedIn campaigns because authorization is tied to message delivery.

Here is a typical scenario:

  1. Your business publishes a LinkedIn post
  2. The post asks people to comment a keyword or phrase
  3. A prospect comments
  4. The automation should send a LinkedIn DM
  5. The system cannot access the connected LinkedIn account
  6. A not authorized message appears in the tool or action log

In this situation, the lead showed intent, but the automated response could not be delivered. That is why authorization health should be part of campaign setup, not an afterthought.

Before launching a LinkedIn comment-to-DM campaign, check:

  • The correct LinkedIn account is connected
  • The person managing the campaign has workspace access
  • The connected account has completed the authorization flow
  • The post selected for the trigger is available to the connected account
  • The DM copy is configured
  • The automation is active
  • The account has not recently changed passwords or security settings

For your business, this is similar to checking a landing page form before running paid traffic. The campaign may look ready, but if the connection fails, leads can slip through.

Why authorization matters for lead capture

Authorization is not just a technical detail. It protects accounts, controls access, and keeps customer data from being exposed to the wrong people.

For LinkedIn lead generation, it also affects speed. If a prospect comments on a post asking for a guide, checklist, template, or resource, timing matters. The DM should arrive while the prospect still remembers the post and expects the response.

A not authorized message can interrupt that moment.

This is one reason a focused LinkedIn workflow can be useful. Instead of asking your team to stitch together scraping tools, browser automation, spreadsheets, and manual follow-up, a LinkedIn-exclusive comment-to-DM setup keeps the workflow narrower and easier to monitor.

Other tools serve different purposes. Phantombuster is often associated with data extraction and automation tasks. Expandi and Dripify are commonly discussed in the context of LinkedIn outreach. LeadShark is another name marketers may compare when researching LinkedIn prospecting. ManyChat is the familiar benchmark for comment-triggered messaging on other channels. The important distinction is that ManyChat does not support LinkedIn, so businesses looking for that same comment-to-DM mechanic on LinkedIn need a LinkedIn-specific option.

How to prevent not authorized messages

Fixing the issue is useful. Preventing it is better.

Keep account ownership clear

Every campaign should have a clear owner. If several people manage the same LinkedIn workflow, define who owns the connected LinkedIn account, who can edit the automation, and who checks authorization before launch.

Unclear ownership leads to preventable access issues.

Avoid unnecessary account switching

Frequent switching between LinkedIn accounts can create confusion. It increases the chance that the wrong profile gets connected or the wrong session is used.

If possible, use dedicated browser profiles for different business accounts. This keeps cookies, sessions, and logins separate.

Recheck authorization before major campaigns

Before a high-visibility post goes live, verify the connection. This is especially important if the campaign depends on people commenting to receive a DM.

A simple pre-launch checklist can include:

  • Confirm active LinkedIn connection
  • Confirm correct post or trigger
  • Confirm message copy
  • Confirm automation status
  • Confirm user permissions
  • Confirm no recent password or role changes

This takes a few minutes and can prevent missed leads.

Review access after team changes

When a team member leaves or changes roles, review permissions immediately. Remove access that is no longer needed and make sure the new owner can manage the campaign.

This protects the business and reduces the chance of broken workflows.

Keep the workflow simple

Complex automations create more places for authorization problems to appear. A simple comment-to-DM setup is easier to understand, test, and maintain.

That is the logic behind a single-trigger, single-action approach. It gives your business a clear path: LinkedIn comment in, LinkedIn DM out. When something goes wrong, it is easier to identify whether the issue is account access, post selection, message setup, or authorization.

When to contact support

If the basic fixes do not work, support may need specific information to diagnose the issue.

Before contacting support, collect:

  • The exact not authorized message text
  • The affected account email
  • The connected LinkedIn profile
  • The workspace or campaign name
  • The action that triggered the error
  • The time the issue occurred
  • Whether the account password or role changed recently
  • Screenshots, if available

Avoid sending passwords or sensitive security codes. A good support request explains what happened, where it happened, and what was already tried.

Final takeaway

A not authorized message means the current account, session, or integration does not have permission to complete the requested action. In most cases, the fix is practical: use the correct account, refresh the session, check workspace roles, and reconnect LinkedIn through the hosted OAuth layer if needed.

For LinkedIn lead generation, authorization is especially important because it can affect whether a comment-to-DM campaign actually sends the promised message. If your business wants the familiar ManyChat-style comment-to-DM experience, but specifically for LinkedIn, a LinkedIn-exclusive setup keeps the workflow focused and easier to manage.

Start using LinkedIn comment-to-DM automation

Saylink helps your business turn LinkedIn post comments into automated LinkedIn DMs with a simple single-trigger, single-action workflow.

Get started with Saylink

Turn LinkedIn engagement into qualified leads

Saylink turns post comments into DMs — lead-magnet delivery, opt-in flows, and TOS-aware outreach. Like ManyChat, but for LinkedIn.

Get started