I wish to create a user in OKTA with status=Active and with no password reset status Skip to main content
https://support.okta.com/help/answers?id=9062a000000dfkbqaw&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Katheresh JayaprakashKatheresh Jayaprakash 

I wish to create a user in OKTA with status=Active and with no password reset status

Hi Team

I am looking to create a user in OKTA with status=Active and with no password reset status. 

I understand that I can use the API's
{{url}}/api/v1/users?activate=false
and
{{url}}/api/v1/users/UserID/lifecycle/activate?sendEmail=false

to avoid sending mail to user to set his/her password. But by doing this I end creating the user in "active status" but in Password reset mode. 

Can you advise how I can achive  this.  

IF the above requirement is possible, then I have a query in terms of provisoning the above user to AD and allow the autogenerated password to be working fine for both logging into OKTA and AD. 

Sorry for the double requirement, but I believe you would be able to guide me on this. 

Thanks
Katheresh
SR IDP API (DO NOT DELETE)SR IDP API (DO NOT DELETE)
I recommend reviewing the user state diagram found here: 

https://developer.okta.com/docs/api/resources/users#user-status

In order for a user to transition to Active you must have a password.

You can create active users without sending activation emails but you must set the password either as clear text (captured at login for a JIT migration strategy or by prompting the user) or using an existing stored BCRYPT password hash. 
Katheresh JayaprakashKatheresh Jayaprakash
Hi Jeff,

Thanks for your respsone. 

As per the current architecutre requirement. We would sourcing Staff users from SuccessFactors onto OKTA and then provision them onto AD. 

As per your approach, can the default password being set during user creation be sent out to the user's manager ? 
Furthermore, if we go by JIT theory then how can I make the employee login into a laptop using his newly created credentials ? 

Further in our POC, we were able to identify the following. 

1. Create a user in OKTA throught API in active status. This would make the newly created user go into "Password Reset".
2. Provision the user to AD, OKTA sends out an autogenerated password. 
3. User logins into windows machine using the newly generated password. 
4. when the user access the his exchange account he would have recieved an "Welcome to OKTA" mail where he/she would be advised to change his/her passsword. 
5. The change in the password will be inturn pused to AD for the user for all SSO purposes. 

Not sure the above mentioned steps are a viable option to the requirement. 

Any thoughts.

Thanks
Katheresh
Adrian HaisanAdrian Haisan (Okta, Inc.)
Hello.

As Jeff suggested you can create activated users with a password via API.
The way to do it would be the following API call:
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
"profile": {
"firstName": "Isaac",
"lastName": "Brock",
"email": "isaac.brock@example.com",
"login": "isaac.brock@example.com",
"mobilePhone": "555-415-1337"
},
"credentials": {
"password" : {  "value": "tlpWENT2m" }
}
}'
"https://atko.oktapreview.com/api/v1/users?activate=true"

That way a new user would be created in Okta with a valid password and the status of the user would be set to "Active".

Thank you,
Adrian Haisan.
Dylann FezeuDylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

​If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

​Dylann Fezeu
OHC Team