Jatin Vaidya

Okta password change notification to downstream apps?

Is it possible to send out a "password changed" notification (i.e. user changes their own Okta password) from Okta to integrated downstream apps, e.g. Office 365? Such a notification will enable the downstream app (e.g. Azure) to invalidate the user's session or any active tokens the user may have.
Chris Hancock (Okta, Inc.)
Hi Jatin, 

With regard to password changes, Okta provides a Password Sync option for many apps that allow user provisioning. This includes the O365 application. As such, if you are not using Federation as your authentication method for Office 365, you can enable the Password Sync component in the provisioning tab.

More information on the Password Sync can be found in our documentation here: https://support.okta.com/help/Documentation/Knowledge_Article/Password-Synchronization-Overview#OktaToApplicationSyncOktaPassword


However, it is important to understand that Office 365 will not immediately revoke all sessions based on the user password changing; this will be based on the refresh token lifetime. As such, when the refresh token is used to revalidate the user's session, they will be prompted to re-authenticate. More information on this can be found here: https://support.office.com/en-us/article/session-timeouts-for-office-365-37a5c116-5b07-4f70-8333-5b86fd2c3c40

If you are looking for another mechanism to forcefully terminate the sessions in O365 when they reset their password, you can look at the Okta and O365 PowerShell and utilise custom code to identify the user changing their password via a custom login page for Okta. When the password reset is successful, you can either update the O365 user password via the sync option above or via PowerShell and also, with PowerShell, terminate all Azure app sessions. The blog post below provides the PowerShell command at the end of the post.

https://blogs.technet.microsoft.com/educloud/2017/06/14/how-to-kill-an-active-user-session-in-office-365/

If the above is not the solution you are looking for I would recommend raising a support ticket so we can discuss your use case in more detail. 

Thanks,
Chris
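
The revocation step described in the answer above, as an added example that is not part of the original answer or the linked blog post. It assumes the AzureAD PowerShell module (the page does not name one), a prior `Connect-AzureAD` by an administrator allowed to revoke user tokens, and a hypothetical function name and sample UPN.

```powershell
# Added example: revoke Azure AD refresh tokens for users whose Okta password
# was just changed. Assumes the AzureAD module is installed and Connect-AzureAD
# has already been run in this session.
function Revoke-DownstreamSession {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # UPNs reported by the custom code that saw the successful password
        # change in Okta (how they are delivered is an assumption).
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]] $UserPrincipalName
    )
    process {
        foreach ($upn in $UserPrincipalName) {
            try {
                # -ObjectId accepts either the object ID or the UPN.
                $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
            } catch {
                Write-Warning "No Azure AD user found for ${upn}: $($_.Exception.Message)"
                continue
            }

            # Tokens issued before this timestamp are rejected by Azure AD.
            $before = $user.RefreshTokensValidFromDateTime

            if ($PSCmdlet.ShouldProcess($upn, 'Revoke all refresh tokens')) {
                Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId -ErrorAction Stop

                # Re-read the user to confirm the cut-off moved forward.
                $after = (Get-AzureADUser -ObjectId $user.ObjectId).RefreshTokensValidFromDateTime

                [pscustomobject]@{
                    UserPrincipalName = $upn
                    ValidFromBefore   = $before
                    ValidFromAfter    = $after
                    Revoked           = ($after -gt $before)
                }
            }
        }
    }
}

# Constructed sample input; -WhatIf shows what would be revoked without doing it.
# 'jane.doe@example.com' | Revoke-DownstreamSession -WhatIf
```

Revoking refresh tokens forces re-authentication at the next token refresh; access tokens that were already issued remain usable until they expire.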