Password reset and account recovery
After you upgrade to Identity Engine, learn about the changes to password reset and account recovery.
|Change summary||Classic Engine: Users can reset their passwords with the Email, SMS, and Phone factors. SMS works for authentication but not password reset, and Security Question works for additional verification only.
Identity Engine: Password reset and account recovery is now called self-service account recovery. A single authenticator enrollment works for both recovery and authentication, and any enrolled authenticator provides additional verification.
If a password policy doesn’t allow password changes, you can't enable password resets.
Be sure that you enable the Okta Verify, Phone, Email, and Security Question authenticators if you want to make them available in the password policy. Enable the Push feature in Okta Verify to enable it as a recovery option.
If you decide to disable an authenticator later, you must disable it from the password policy first.
These enhancements secure and simplify the enrollment process for users:
|Related topics||Configure the Email authenticator|