Okta service doesn’t handle expired passwords that well, i.e. it just fails the logon and user is not given the option to change the password
https://support.okta.com/help/answers?id=9062a000000bmk9qai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
Spiros Blias

It appears that the Okta service doesn’t handle expired passwords that well, i.e. it just fails the logon and the user is not given the option to change the password. This is the same if you use the VPN MFA profile or the Okta website; when selecting one of the non-MFA profiles, the VPN client asks you to change the password.
 
Kevin Turner (Okta, Inc.)
Hi Spiros

That is not what I see; I'm able to try to log in with a username and (expired) password. Okta will then forward the user on to a page where the old password needs to be re-typed along with the new AD password that meets the AD password policy, and then re-type the same new password. The user will then get logged in and the AD password gets updated as expected via the Okta AD agent.

Make sure the new password that you are providing meets the AD password policy, otherwise you might get failures that look like Okta is not performing correctly.