Reset an individual user password

Password reset functionality is Generally Available for orgs using Active Directory (AD) and LDAP.

AD-sourced users in a Delegated Authentication environment

When a password is reset, the original password does not expire in AD. If the user remembers their original AD password, they can use it to sign in despite the password reset.

If the Temporary Password option is used for an account that has the Password never expires option enabled, the user is not prompted to change their password after entering the temporary password.
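An admin can check for both conditions above after a reset. The following is an added example, not Okta's code. It assumes the `userAccountControl` and `pwdLastSet` attributes have been exported from AD, that the reset time is known, and that a `pwdLastSet` older than the reset means the AD password has not changed since. All function names and sample accounts are hypothetical.

```python
from datetime import datetime, timedelta, timezone

UF_DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit for "Password never expires"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ONE_US = timedelta(microseconds=1)

def dt_to_filetime(dt):
    """Encode an aware datetime as 100-ns ticks since 1601-01-01 UTC (pwdLastSet format)."""
    return ((dt - FILETIME_EPOCH) // ONE_US) * 10

def filetime_to_dt(ticks):
    """Decode pwdLastSet; 0 means AD will demand a change at next logon, returned as None."""
    ticks = int(ticks)
    return None if ticks == 0 else FILETIME_EPOCH + (ticks // 10) * ONE_US

def review_reset(account, reset_time):
    """Return finding codes for one AD-sourced account whose password was reset at reset_time."""
    findings = []
    if int(account["userAccountControl"]) & UF_DONT_EXPIRE_PASSWD:
        # A temporary password will not trigger a change prompt for this account.
        findings.append("never-expires")
    last_set = filetime_to_dt(account["pwdLastSet"])
    if last_set is not None and last_set < reset_time:
        # Assumption: the AD password predates the reset, so the original still signs in.
        findings.append("original-password-still-valid")
    return findings

# Constructed sample data (not real accounts); attribute values as an AD export gives them.
RESET_TIME = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "alice", "userAccountControl": "512",
     "pwdLastSet": str(dt_to_filetime(datetime(2024, 3, 1, tzinfo=timezone.utc)))},
    {"sAMAccountName": "bob", "userAccountControl": "66048",
     "pwdLastSet": str(dt_to_filetime(datetime(2024, 5, 1, 13, 0, tzinfo=timezone.utc)))},
    {"sAMAccountName": "carol", "userAccountControl": "512",
     "pwdLastSet": str(dt_to_filetime(datetime(2024, 5, 2, tzinfo=timezone.utc)))},
]

def review_all(accounts, reset_time):
    """Map each account name to its findings, keeping only accounts that need follow-up."""
    results = {a["sAMAccountName"]: review_reset(a, reset_time) for a in accounts}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_ACCOUNTS, RESET_TIME).items():
        print(name, ", ".join(findings))
```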

LDAP-sourced users in a Delegated Authentication environment

When an admin creates a temporary password for LDAP-sourced users, the users must change their password when they next sign in if the LDAP server password policy requires or allows it. To create password policies that support temporary passwords, consult the LDAP server manual provided by the vendor.



To deactivate user accounts temporarily, use the Suspend procedure. See Suspend and unsuspend users. If you put an AD-managed account into Password Reset status, the user can still access Okta Mobile by using PIN or FaceID authentication.

  1. In the Admin Console, go to Directory > People.
  2. Click Reset Passwords.
  3. Optional. Filter the list by selecting Locked out, Expired token, or All.
  4. Select a user and click Reset Password.
  5. Click Reset Passwords in the Reset Password dialog box.