AD password reset Skip to main content
https://support.okta.com/help/answers?id=906f0000000hzrziac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Jeff SwiftJeff Swift 

AD password reset

We're investigating the AD password change and AD password unlock feature within Okta to help users unlock their accounts and/or change their password when their account is locked.  

Can someone explain how the user accomplishes this if they lock their account and don't know their current AD password?  What happens if the user doesnt have access to a 2nd machine and can't get into their laptop?  I would love to hear what people are doing in real workd scenarios.  

Thank you.

Jeff
Raja NejemRaja Nejem (Okta, Inc.)

Hello Jeff,
 

Typically, users can go to another PC that has a web browser or on the browser on their mobile phone to reset their passwords through Okta.

Jeff SwiftJeff Swift
Raja - we tried that but the only option we have is to choose Forgot Password.  However, if the user can't access their email b/c the account is locked out or they don't kow their password to get into the email then how can they retieve the password reset link?  
Raja NejemRaja Nejem (Okta, Inc.)
Users can reset their passwords by either an email (secondary personal email) or through SMS.  

Turn on secondary email instructions. https://support.okta.com/help/articles/Knowledge_Article/27605443-Using-the-Okta-Settings-Page
Jeff SwiftJeff Swift
Raja - i'll need to contact support.  If we click Forgot Password and enter our passwod we reive the below email.  However, if the user is locked out or doesnt know their password then they cant log into their workstation to reset their password.  

Your Okta account is configured to use the same password you currently use for logging in to your organization's Windows network. Use your Windows account password to sign in to Okta. Please use the password reset function in Windows to reset your password.
Raja NejemRaja Nejem (Okta, Inc.)
Okta provides the capability to also unlock the account if that is available in your org.  You will have to turn the option on.  

You can also edit the emails sent to users under Admin > Settings > Emails
Lazaros KyrillidisLazaros Kyrillidis
I think that very soon you will need to enable SMS codes for Europe as well ;)
api-workday api-workdayapi-workday api-workday
Lazaros, Okta can do SMS outside of the US. It is something you have to pay additional for (per use or buy in blocks). It is something we have been evaluating as we have a global workforce (~50% in the US with the other 50% scattered everywhere but Antartica)

-Matt
Graham RellingerGraham Rellinger
If a user has not added a phone number or a secondary email address, how would they go about resetting their password via Okta? 
Matt DeWallMatt DeWall
I too got this email and went through through the scenarios.  Unless there's some magic you do in the API ahead of time the user needs to login at least once and setup their secondary email/security qeustions/security image etc before this works the way we want.  This meant I had to send my users a one time password, then set it to expire in AD.  When the user registers at Okta for the first time, they are are prompted to fill out their security questions, etc.  Subsequent password reset attempts will give them the link we'll all expecting.  On password reset, they have to provide an answer to their security question(s).  They may be able to bypass the questions if they registerd a secondary email or an SMS number - some sort of second factor, but I haven't had time to run through that scenario.
Langtech OrdersLangtech Orders
thanks Matt Dewall, that really helped point me in the right direction. I actually just pinpointed exactly what field is required to get the correct password reset email, and that is a secondary email address needs to be setup AND VERIFIED , other wise the password reset email will not be one that includes a link to reset it. Hopefully this helps someone.