Setting Up A Mobile - AD Password Reset Link Skip to main content
https://support.okta.com/help/answers?id=906f0000000blnbiay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
ThomasThomas (Okta, Inc.)  

Setting Up A Mobile - AD Password Reset Link

Hello there - we've been using Okta successfully for a while and are embarking on some discovery with the self-service password reset functionality. 

We are AD Mastered, and the service account has the correct permissions to change AD passwords. Codes can be sent to registered SMS device and this has been tested without issue.  The main thing I think I'm missing is: Where the reset password on the Okta Mobile App?  I don't see a link and if I provide correct org name and ID but wrong password, it just dumps back to Sign In page without option to reset.

On a mobile browser, I can access link and everything works as envisioned. Is there a reason a reset link is not provided for Okta Mobile?  I'd like to get user comfortable with a one-stop app, vs: go here for *this* use-case...

Original Author: Jody Tyrus

Best Answer chosen by Thomas (Okta, Inc.) 
ThomasThomas (Okta, Inc.) 

Hey Ed,

So to be clear, what we have recently released is the ability to change your AD password from Okta Mobile. You must know your current AD password to execute that flow. We have not introduced a "Forgot my password" flow into Okta Mobile yet. There are security considerations that must be addressed in order to safely execute that flow. If the phone is lost or stolen and unlocked, then a malicious agent would have access to both email and MFA to make an unauthorized password change. Once we introduce Touch ID or other non-device dependent auth gate then we will begin to look at "Reset my password" from the device.

Original Auhtor:  Arturo Hinojosa, Okta

All Answers

ThomasThomas (Okta, Inc.) 

Hi Jody,

Glad to hear you are happy with Okta so far!

Unfortunately there is no link to reset your password through Okta Mobile today - however, that's an option that we plan to add in the next 30 or 60 days.

If you send me your contact information to arturo.hinojosa@okta.com I can send you a note when the password reset link is due to be released.

Origintal Author:  Arturo Hinojosa, Okta

ThomasThomas (Okta, Inc.) 

Interesting ... there are perhaps 2 different use case(s) here ...

  1. Forgotten AD password reset which prevents user from registering and accessing Okta mobile for the 1st time (because the 'registration/ 1st access' page requires you to enter org name/ ID and AD password, or after sign out- but this is infrequent.)
  2. Forgotten AD password reset which does NOT prevent user from accessing Okta mobile on 2nd and subsequent attempts, because access is now protected by mobile pin, but where the user cannot use Windows desktop or Okta browser (use cases) and wants to use Okta Mobile as a secondary device/ route to reset forgotten AD password

Don't know how useful 2 would be (it can be acheived in the Okta browser) and I can see a problem - (we don't know if they have forgotten their mobile pin as well or not,) or whether it should be before or after the "Enter your PIN" page

Original Author:  Edward Holliday, Okta

ThomasThomas (Okta, Inc.) 

Hey Ed,

So to be clear, what we have recently released is the ability to change your AD password from Okta Mobile. You must know your current AD password to execute that flow. We have not introduced a "Forgot my password" flow into Okta Mobile yet. There are security considerations that must be addressed in order to safely execute that flow. If the phone is lost or stolen and unlocked, then a malicious agent would have access to both email and MFA to make an unauthorized password change. Once we introduce Touch ID or other non-device dependent auth gate then we will begin to look at "Reset my password" from the device.

Original Auhtor:  Arturo Hinojosa, Okta

This was selected as the best answer