Scenario: user has been recently provisioned in Okta and needs to log in/activate for the first time. User ignored the activation email and it expired. We assume the user knows their Okta username, but not their password. We'd like to provide the user a way to authenticate to Okta without admin intervention.
Need: We'd like to have Okta prompt the user for some bit of info that is in the profile (say, birthday, employeeID, etc.) as a verification that the user is who they say they are, rather than go through the email link/wait/reset password process.
Question: Has anyone found a way to do that in Okta?

I understand that the scenario you are describing is where a new user has been imported/created in Okta and an activation email has been sent (and expired) before the user has an opportunity to initiate the new user password flow.

Once the described situation has occurred, the user must receive a new activation link generated by the Okta administrator. This is mainly due to the fact that the new user has not gone through the setup of security questions that allows a user to initiate a password reset flow. Unfortunately, there is not currently a way to trigger a password reset flow using other values within the user's account profile. The only method for password reset validation is the security questions that the end user sets up during the new user activation flow. If that process has not yet occurred, the user cannot verify against any other information in their Okta profile.

An alternative for AD users would be to utilize the Just In Time (JIT) provisioning feature in Okta instead of generating an activation link when a new user is imported from AD into Okta. More information on JIT can be found here:

