I have both the boxes checked for changing their password and unlocking their account under the "Delegated Authentication". The part I am trying to figure out is how does a user unlock their account? I see that you can do it in association with SMS (which we have set up), but I do not have the password polciy tab to actually do that.
Here is the document I have been looking at - https://support.okta.com/help/articles/Knowledge_Article/Configuring-Group-Password-Policies
I am looking under the "Configuring Password Policy Rules " section.