Password changed notification for end users

When enabled, end users are sent an email notification to inform them that the password for their account has changed. This email contains details such as the time and location of the password change.

 

Note: End user notifications for passwords reset using delegated authentication (DelAuth) is not supported.

 

HealthInsight: Why is this task recommended?

This feature is a HealthInsight security task. For more security recommendations from Okta, see HealthInsight.

Security impact: High

End-user impact: Low

Okta recommends: Enable this email notification to inform end users when their password on their account has been changed or reset.

End-user experience and impact

End users are sent an email notification if they change or reset the password on their account. Password changed notifications are not sent if the admin sets a temporary password for the account or changes the password by API.

Procedure

To enable factor reset notification emails for end users:

  1. From the admin console, navigate to Security > General.
  2. Under Security Notification Emails, click Edit.
  3. Set Password changed notification email to Enabled.

    Enabling notifications so that end users receive an email when their password has been changed or reset.

  4. Click Save to continue.

Related topics