Okta Help Center - Questions Skip to main content
Ask Search:
Leif DreizlerLeif Dreizler 
Instead of requiring the user to follow a password reset link, it would be much more convenient to give them a temporary password for their first login. 

This issues arises because we are using Okta + gMail. The user doesn't have access to their work gMail account until they have setup Okta, but Okta wants to send them a password reset token to the email (which they haven't set up yet).

We are currently forced to add the user's personal email address for activation, and then remove that email once the account has been setup. I worry that we may forget to remove the personal email address, which is a security concern for me.
Best Answer chosen by Niki (Okta, Inc.) 
NikiNiki (Okta, Inc.) 
HI Leif, 

Feature requests need to be submitted under the Ideas zone (https://support.okta.com/help/ideas/ideaList.apexp) of the community. You are currently in the Questions zone.
In the top right navigation bar you will see:

Please choose Ideas and submit there so other Okta Admins can vote on the idea and our product management team can review and comment on it.

Thank you
Jatin VaidyaJatin Vaidya 
Hi All,

1. How frequently are AWS roles refreshed, i.e. pulled into Okta?
2. Can this be done via an API call?

Best Answer chosen by Jatin Vaidya
Jatin VaidyaJatin Vaidya
Hey all,

I got the following info from support:

Applications > Applications > Refresh Application Data

Alex ShchukinAlex Shchukin 
Is there a way to configure Deltek Time & Expense to integrate with Okta SSO?
Best Answer chosen by Niki (Okta, Inc.) 
James FloresJames Flores (Okta, Inc.)
Hi Alex, 

If Deltek is not currently in the Okta Application Network as a SAML app you can create your own SAML app as long as Deltek supports SAML 2.0. To help you get started take a look at the Application Integration Wizard here, https://support.okta.com/help/articles/Knowledge_Article/Using-the-App-Integration-Wizard
Best Answer chosen by Niki (Okta, Inc.) 
Eric KnittelEric Knittel (Okta, Inc.)
This is not possible if using the out of the box Okta flows.  In order to do this you woul dneed to manage users via the Okta API and send your own emails.  

The ability to use a custom "from" address for email sent from Okta is a feature request that is being considered, but not available today.
Daphne BruneDaphne Brune 
Sorry for the n00b question, but I've been searching all over the place with no luck.  I received this Action Required email telling me I need to test my SAML apps in the preview, and I see references all over the place to preview orgs, but I can't figure out how to get to mine.  Clicking on the Okta Preview Sandbox – Release 2016.44. link just takes me to a release notes page.  HALP!
Best Answer chosen by Daphne Brune
Louis WinterLouis Winter
Just figured it out... Go to https://www.okta.com/developer/signup/ and signup for a developer account.  This will create an account in the preview environment.  Once you have your account setup the preview environment will work like the production environment.  None of the apps you have setup in production will exist so you will need to setup any apps you want to test.
Best Answer chosen by Carl Miller
Gabriel SrokaGabriel Sroka (Okta, Inc.)
Thomas KuehnThomas Kuehn 
The JIRA On-Premise Okta Toolkit 2.0.2 is officially tested and supports 7.1.2. Has anyone had any success running it with JIRA 7.1.9?
Best Answer chosen by Thomas Kuehn
Thomas KuehnThomas Kuehn
Just if anyone is wondering, we were able to sucessfully upgrade to JIRA 7.1.9 using the 2.0.2 toolkit.
Eric KegleyEric Kegley 
Right now it's looking like Okta RADIUS is a global policy, but I'l like to use Okta RADIUS to force MFA for multiple VPN connections which would use different Okta groups to determine who gets to log on to each one. I am not having good luck with the fine-grained LDAP example in the Okta documentation. I can do the coarse grained MFA and the LDAP Group look up separately, but the two together are not working. Figured that Okta knows the source of the RADIUS call, that address should be able to be used to set up some rules
Best Answer chosen by Niki (Okta, Inc.) 
Lee TschetterLee Tschetter (Okta, Inc.)
The functionality you are looking for is currently on our roadmap for this year. There will be more flexibility and device awareness as part of our RADIUS enhancements.
Brian GlaserBrian Glaser 
I want to remove that link at teh bottom of the page beacuse noboy uses it correctly and we end up with no related requests when using that link. I want to remove/disable it from the mainpage, but do not see any options to do so. 
Best Answer chosen by Niki (Okta, Inc.) 
James GarvinJames Garvin (Okta)
Okta Admin -> Settings -> Appearance -> Display Options -> Okta Home Footer
Jonny FordJonny Ford 
I'm looking into creating a script to change a password on a Mac, Keychain and on OKTA at once. 

I've come up with the following but
a) the variables aren't being passed into the script
b) I'm not getting a stateToken from the first authn API call. Can I use the sessionToken? 

Any suggestions? 


# Set variables
user=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
oldPassword=`osascript -e 'Tell application "System Events" to display dialog "Enter your current network password:" **with hidden answer** default answer ""' -e 'text returned of result' 2>/dev/null`
newPassword=`osascript -e 'Tell application "System Events" to display dialog "Enter your new network password:" **with hidden answer** default answer ""' -e 'text returned of result' 2>/dev/null`

# Find out current user state
curl -v -X POST -H "Accept: application/json" -H "Content-Type: application/json" -d '{  "username": "${user}",  "password" : "${oldPassword}",        "options": {    "multiOptionalFactorEnroll": false,    "warnBeforePasswordExpired": true  }}' "https://${org}.okta.com/api/v1/authn"

# Change Password
curl -v -X POST -H "Accept: application/json" -H "Content-Type: application/json" -d '{ "stateToken": "007ucIX7PATyn94hsHfOLVaXAmOBkKHWnOOLG43bsb",    "oldPassword": "${oldPassword}",  "newPassword": "${newPassword}" }' "https://${org}.okta.com/api/v1/authn/credentials/change_password"

# Change password on local account
dscl . -passwd /Users/$user $newPassword $oldPassword

# Check if Keychain is locked, is so try $oldPassword to unlock
security unlock-keychain -p $oldPassword ~/Library/Keychains/login.keychain

# Change Keychain Password to $newPassword
security set-keychain-password -o $oldPassword -p $newPassword ~/Library/Keychains/login.keychain
Best Answer chosen by Jonny Ford
Gabriel SrokaGabriel Sroka (Okta, Inc.)
I find using \" with JSON can get a little confusing:
echo "{\"username\": \"${user}\"}"

Another way to do it is using both single and double quotes:
echo '{"username": "'"${user}"'"}'

Here's an example using curl. This one uses both single and double quotes for the -d parameter--single quotes around the JSON double quotes, and double quotes for the shell variables:
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
  "username": "'"${user}"'",
  "password": "'"${oldPassword}"'",
  "options": {
    "multiOptionalFactorEnroll": false,
    "warnBeforePasswordExpired": true
}' "https://${org}.okta.com/api/v1/authn"