real time self service activation/pwd reset Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0qkiak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Servicenow passwordresetServicenow passwordreset 

real time self service activation/pwd reset

Scenario: user has been recently provisioned in Okta and needs to log in/activate for the first time.  User ignored the activation email and it expired. We assume the user knows their Okta username, but not their password.  We'd like to provide the user a way to authenticate to Okta without admin intervention.
Need: We'd like to have Okta prompt the user for some bit of info that is in the profile (say, birthday, employeeID, etc) as a verification the user is who they say they are, rather than go through the email link/wait/reset password process 
Question:Has anyone found a way to do that in Okta? 
Nick AscencioNick Ascencio (Okta, Inc.)
Hello,

I understand that the scenario you are describing is where a new user has been imported/created in Okta and an activation email has been sent (and expired) before the user has an opportunity to initiate the new user password flow.

Once the described situation has occurred, the user must receive a new activation link generated by the Okta administrator. This is mainly due to the fact that the new user has not gone through the setup of security questions that allows a user to initiate a password reset flow. Unfortunately there is not currently a way to trigger a password reset flow using other values within the user's account profile. The only method for password reset validation are the security questions that the end user sets up during the new user activation flow. If that process has not yet occurred the user cannot verify against any other information in their Okta profile.

An alternative for AD users would be to utilize the Just In Time (JIT) provisioning feature in Okta instead of generating an activation link when a new user is imported from AD into Okta. More information on JIT can be found here: https://support.okta.com/help/articles/Knowledge_Article/27715118-Enabling-Just-In-Time-Provisioning

Thank you,
Nick Ascencio
Okta Global Customer Care