About group password policies

Group password policies enforce password settings on the group or authentication-provider level. Like the organization-wide password policy, group password policies enable you to configure SMS and voice call for self-serve password resets. Group password policies can be applied to Okta-mastered or Active Directory-mastered users, but because Active Directory defines and enforces its own password settings, many group password policy options are unavailable for these users. Consider delegated authentication for Active Directory-mastered users.

  • This feature must be enabled for your org. If your org hasn't enabled this feature, you can set up self-service password reset in your organization-wide password policy.
  • Some orgs may use additional group password policy features to disable email as the default recovery method.

To add a group password policy, see Creating Group Password Policies.