Edit the Okta account management policy

Early Access release. See Enable self-service features.

Edit the Okta account management policy to configure your own enrollment and recovery requirements. Or, if you've already set up the policy, you can edit it if you need to change its rules. For example, if you use the policy for authenticator enrollment but want to use your password policy for self-service recovery, you can restore the legacy process.

To configure your policy for the most common use cases, see these topics.

• Add a rule for your enrolling your first phishing-resistant authenticator

• Add a rule for authenticator enrollment

• Add a rule for password recovery and account unlock

Edit the policy rules

The conditions and fields in the Okta account management policy are identical to those in an authentication policy. For defaults and definitions, see Add an authentication policy rule.

1. In the Admin Console, go to SecurityAuthentication Policies.

2. Select Okta Account Management Policy.

3. On the Rules tab, you can make these updates:

   • Change conditions in a rule by clicking ActionsEdit.

   • Add a rule by clicking Add rule.

   • Deactivate a rule by clicking ActionsDeactivate.

   • Delete a deactivated rule by clicking ActionsDelete.

   • Reorder the priority by dragging and dropping rules.

4. Click Update rule.

5. To switch between the account management policy and the legacy methods of self-service password recovery and account unlock, go to SecurityAuthenticators.

   1. In the Password row, click Actions Edit.

   2. In the Access control section, select Authentication policy or Legacy (the one that you're currently using is already selected).

   3. If you're switching to the Legacy option, indicate what the authenticator is used for.

6. Click Update rule.

Related topics

Okta account management policy