Password reset when "Challenge Question" has not been set Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Rajiv PrabhakarRajiv Prabhakar 

Password reset when "Challenge Question" has not been set

Hi. We have a very lightweight low-security app, for which we've created a bunch of users using the Create-User-With-Password API detailed here:

Notably, there is no recovery question/answer set, because we want to make the user-signup process as simple and quick as possible.

Now, when the above users try to reset their password, they receive the email successfully, but are then prompted to answer a non-existant "Forgotten Password Challenge", which they have no idea how to fill.

Is this expected? How can a user reset his password when he doesn't have any recovery question set up?
Kevin TurnerKevin Turner (Okta, Inc.)
Hi Rajiv

This is something that we've had requested a few times more recently and we are working on options to configue optionally the need for the security question to be answered. There was a little while ago a small beta test where a feature flag DISABLE_SECURITY_QUESTION_FOR_RECOVERY could be switched on. You might like to get in touch with support to see if this can be used.

Some customers might not like this as it does obviously lower the security posture, but for some use cases like yours it might be suitable.

Thanks, Kevin
Kurtis DavisKurtis Davis
I would like to use this feature....Any updates on this?