Expire a user's password on the Okta Admin Console

To expire a user's Okta password, you assign them a temporary password. The user will be required to change their password the next time they sign in. After you generate a temporary password, you cannot create a password reset link. The message Password reset. User is now in one-time password mode is displayed when viewing the user

  1. In the Admin Console, go to Directory > People.
  2. Click a user name in the Person & Username column.
  3. Click Reset Password.
  4. Select one of these options:
    • Reset Password Link: Select this option to send a password reset link to the user's primary and secondary (if applicable) email addresses. The password reset link expires one hour after it is sent.

      When this option is selected for AD sourced users, the AD user can continue using their existing password until the link is selected.

    • Temporary Password: Select this option to create a temporary password is created for the account. When selected, the account is marked as expired. The temporary password is displayed for your information. Be sure to distribute the new password to the user securely; for example, by email or voice mail. The next time the user signs in to Okta, they must enter the temporary password and create a new password. Click Close to exit the Reset Password dialog box.

      When this option is selected for AD sourced users whose AD account has the Password never expires option enabled, the user is not prompted to change their password after entering the temporary password. If the Password never expires option is not enabled, the original password can no longer be used.