Reset a user password

You can reset a user's password, whether their account is in Universal Directory (UD), Active Directory (AD), or Lightweight Directory Access Protocol (LDAP).

  1. In the Admin Console, go to Directory > People.
  2. Find and select the user whose password you want to reset.
  3. Click Reset or Remove password.
  4. Choose a Reset password option.
    • Send a password reset email: Choose this option to send an email with a password reset link to the user's primary and secondary email addresses. Their password is immediately reset. The link expires in one hour.
    • Create a temporary password: Choose this option to set a temporary password for the user. The user's account is marked as expired, and the user must change their password upon signing in.
  5. Optional. Select Sign out user to sign the user out of all devices and browsers.
  6. Click Reset password.

AD-sourced users in a Delegated Authentication environment

When a password is reset, the original password doesn't expire in AD. If the user remembers their original AD password, they can use it to sign in despite the password reset.

If you select both the Temporary Password and Password never expires options, the user isn't prompted to change their password after entering the temporary password.

LDAP-sourced users in a Delegated Authentication environment

If you set a temporary password for an LDAP-sourced user, they must change their password the next time they sign in. This applies if the LDAP server password policy requires or allows it. To create password policies that support temporary passwords, consult the LDAP server manual provided by the vendor.

To deactivate user accounts temporarily, use the Suspend procedure. See Suspend and unsuspend users. If you set an AD-managed account into Password Reset status, the user can still access Okta Mobile by using PIN or FaceID authentication.