How are previous passwords enforced during Forgot Password?
Corey Perrymond

How are previous passwords enforced during Forgot Password?

It appears that /api/v1/authn/credentials/reset_password allows for a previous password to be used? Is this due to Okta configuration or does this use the AD admin reset which bypasses the password history?
Cristian Mondiru (Okta, Inc.)
Hello Corey,


Based on the call that has been referenced in the question, the call will perform the operation on the user account, if the current settings allow it. However, in regards to setting the password through the API, the password will be set as per the one mentioned in the call, as the flows are different (the one set through the call does not fall under Forgot Password). If you would like to verify specific information, based on your current environment and requirements, we recommend opening a support ticket so that we can provide you with specific technical guidance.

 
Thank you,
Cristian Mondiru
Technical Support Engineer
 