Expire a user password using the Okta API

The Okta API provides a credential life cycle operation to expire a password for a specific user. The API provides the flexibility to expire only the current password without generating a new temporary password.

If your Okta organization powers an external user portal, the bulk password expiration feature may not be a viable solution. To use bulk expiration, your portal must support a password expiration flow and handle the following error code for the Create Session API operation.

Error code: E0000064
Description: Password is expired and must be changed.
HTTP return code: 401

If you change the default password policy to expire passwords or use the bulk password expiration feature, your application must handle this error.