Active User deprovisioned from Okta during import from AD
I had done an import in Okta and an active employee got deactivated after this. I could see in the okta logs that he was deactivated on import. We have activated him in Okta but he says has not received any email with password reset link. I even checked his spam folders, no success. His AD profile is active with okta groups and i am not sure why he has not received any email Can you please suggest!!
Are you using delegated authentication back to AD? If so then the user will not get an email. they can change their password via AD, or you could allow Okta to perform AD password resets by elevating the service account that's tied to the Okta AD agent. The user would then go to the Okta login page, and select "Forgot Password" option rather than recieve and email.
The reset user's password and an email notification is only used against Okta mastered users. If the user is now back to being AD mastered you cannot via the Okta admin interface reset the user's password, and hence cannot get the email notification.
Hi Kevin, the issue seems to be resolved now. When we checked with IT, we found that employee's first name was not updated/removed and Okta OUs were readded...i am workin on the preventive measure for this as an import should not deactivate user in Okta..not sure where the actual issue is...AD or Okta...i have asked IT to provide logs for the dates for further investigation....thank you for your update!