How can I enforce/monitor the password strength of SWA apps?
I'm currently evaluating Okta for use in our small business. I couldn't find the answer to one important use case.
I want to use Okta to store my employees' login credentials for the different web apps we use in our company (mail, PM, time tracking, ...) - unfortunately those are not SAML capable. That works fine. However, I'm not protected against weak passwords in those apps. For example, one of my employees could ignore Okta's password suggestions, choose "asdfasdf" as a password and store it in Okta, and everything would be just fine.
Can Okta monitor these cases and protect me there? Provide me a report of weak passwords so that at least I know about these cases? Or even refuse to store insecure passwords?
Thank you for reaching out to Okta Support!

Currently, Okta can force users to use a specific password if "Administrator sets username, password is the same as user's Okta password" is selected or if "Administrator sets username and password" is set. For the moment, Okta does not log into reports the passwords set by the user.

In regard to the insecure password, there might be cases where the users would log into the application in a browser that does not have the Okta Browser Plugin installed/enabled and perform a password change for the app. Although these are the current options for setting the passwords, you can always recommend that users update the password for the apps as suggested by the plugin, as it complies with the settings defined in Okta regarding the password policy.
Thank you,
Cristian Mondiru
Technical Support Engineer