How are previous passwords enforced during Forgot Password?
It appears that /api/v1/authn/credentials/reset_password allows for a previous password to be used? Is this due to Okta configuration or does this use the AD admin reset which bypasses the password history?
Based on the call that has been referenced in the question, the call will perform the operation on the user account if the current settings allow it. However, with regard to setting the password through the API, the password will be set as per the one mentioned in the call, as the flows are different (the one set through the call does not fall under Forgot Password). If you would like to verify specific information, based on your current environment and requirements, we recommend opening a support ticket so that we can provide you with specific technical guidance.
Thank you,
Cristian Mondiru
Technical Support Engineer