Enable users to reset their own password

You can enable users to reset their own passwords if:

  • They are AD-mastered users, or
  • They have SMS for self-service operations configured, or
  • They have Voice Call as an authentication factor configured.

For more information about SMS and Voice Call, see Multifactor Authentication .

Enable AD-mastered end users to reset their own password

You can enable self-service passwords resets for AD-mastered end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using apps to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control.. After you have done this, the Reset Password button appears for these end users.

Notes

  • This feature must be enabled for your orgThe Okta container that represents a real-world organization..
  • If you have the Group Password Policy feature enabled, the self-service password reset settings described here are overridden and the fields are not available.
  • When this feature is enabled, bulk password expiration includes AD-mastered users.

To enable self-service password reset for AD-mastered users:

  1. Go to Security > Delegated Authentication > Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management..
  2. Under Active Directory Password Policy, enable Users can change their Active Directory passwords in Okta.
  3. Under Password Rules Message, enable Users can reset forgotten AD password in Okta.

Enable users to reset their password using SMS

You can enable a user who has forgotten their password to reset it themselves using SMS . When SMS is configured, end users can have Okta send them a text message with a password reset code.

How you enable end user self-service password reset depends on whether Group Password Policy is configured for your org.

End user steps to set up SMS password reset

New users

New users can set up their phone for SMS password reset when they sign in to Okta for the first time. To enable this function, users need to complete the following task.

  1. Click Add phone number.
  2. Enter a mobile phone number when prompted. An initial verification code is sent to their phone.
  3. Enter the verification code as instructed, which then authenticates the user in to Okta.

Active users

Active end users can set up their phone for SMS password reset from their Home > Settings page. To enable this function, users need to complete the following task.

  1. Click their name at the top of their home page, and then select Settings.
  2. In the Forgot Password Text Message section, click Add phone number.
  3. Enter a mobile phone number when prompted. An initial verification code is sent to their phone.
  4. Enter the verification code as instructed, which then authenticates the user in to Okta.

End user steps to recover a password using SMS password reset

If admins enable SMS password reset, end users can recover a forgotten password by completing the following task.

  1. On the sign-in page, end users click the Forgot password? link.
  2. End users then click Send Text Message and continue through the prompts to reset their password.

Note: Invalid users who attempt entry through a Forgot Password or Unlock Account action will not see an error message. This is by design, as an error message could potentially reveal when a user name represents a valid account.

For more details, see SMS Authentication

End user steps to reset or reconfigure a phone

This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.

End users who lose a phone or get a new number can reset or reconfigure their phones by updating their Home > Settings page.

Enable users to reset their passwords using a voice call

You can enable end users who have forgotten their passwords to reset them using Voice Call authentication. With Voice Call configured, end users receive a call message from their mobile device or land line phone. This voice call provides a recovery code. The call is made in the default language for the user. The following languages are currently supported for voice calls. If the default language for a user account is not on this list, the call is made in English. You cannot customize the words in any language.

Chinese (simplified) French (Canada)
Chinese (traditional) German
Dutch Italian
English (US) Japan
English (UK) Korean
English (Canada) Spanish
French Taiwanese

For more details, see Voice Call Authentication.

How you enable end user self-service password reset depends on whether Group Password Policy is configured for your org.

Top