Using secondary email for provisioning new Okta accounts, for password resets, and for account unlocks is insecure since we cannot be certain about the controls protecting the secondary email. A bad actor could compromise the secondary email and use that to access Okta. In our case, the primary email is only accessible via Okta, so we can't use that either. Are there any alternatives to secondary email for creating new Okta users?
I'm asking what is the recommended onboarding method for new users if secondary email is not used? The new user doesn't have access to their business email yet since that access is gated by Okta. How can Okta signup be provided securely to users without involving their personal email? And this does extend to password resets and account unlocks - what are the alternatives to secondary email for those actions?