Expire a user's password on the Okta Admin Console

To expire a user's Okta password, you assign them a temporary password. The user will be required to change their password the next time they sign in. After you generate a temporary password, you cannot create a password reset link. The following message is displayed when viewing the user: Password reset. User is now in one-time password mode.

  1. In the Admin Console, go to Directory > People.
  2. Click a user name in the Person & Username column.
  3. Click Reset Password.
  4. Select one of these options:
    • Reset Password Link — Select this option to send a password reset link to the user's primary and secondary (if applicable) email addresses. The password reset link expires one hour after it is sent.

      When this option is selected for Active Directory (AD) sourced users, the AD user can continue using their existing password until the link is selected.

    • Temporary Password — Select this option to create a temporary password for the account. When selected, the account is marked as expired. The temporary password is displayed for your information. Be sure to distribute the new password to the user securely; for example, by email or voice mail. The next time the user signs in to Okta, they must enter the temporary password and create a new password. Click Close to exit the Reset Password dialog box.

      When this option is selected for AD sourced users whose AD account has the Password never expires option enabled, the user is not prompted to change their password after entering the temporary password. If the Password never expires option is not enabled, the original password can no longer be used.