How to use pre-populated phone/email for SMS password self service?
We are having a large issue with Password Self Service adoption due to the requirement for a full registration PRIOR to using the password self service.
In our environment, we tightly manage cell phone data and email address data and synchronize it to AD and/or OKTA (depending on whether it's work or personal).
We would like to be able to pre-register the cell phone and/or email in the user's profile so it can immediately be used for password self service.
How can I make that happen?
If it's not possible, what are some options for improving adoption?
More info about our audience: We have a large population of "offshore" users who only occasionally log in to do things like update HR data or view evaluations. Since we have made OKTA the authentication source, if they haven't logged into OKTA for a YEAR, then their password has expired (even if they remember it).
@Shawn Unfortunately that is not a feature that Okta supports right now. While you can use the API to populate phone numbers, these are not the numbers which are used for SMS-based MFA.
So, how can you increase adoption? One way is to use a new feature we have in beta right now: MFA Enrollment Policy. This allows an admin to require that certain MFA methods be enrolled upon first login into Okta. This way, users can be forced to enroll on day one, regardless of whether they have had an opportunity to use MFA yet.
If they are Okta mastered, you could potentially prepopulate the security question answer, as it is part of the credential object (it would require using the API). This would of course require a high degree of confidence that you know something that you could ask the user that only they would know. From a security perspective, I would say this is a bad idea in most cases.
I think Eric is spot on. Ensuring that your users have established password reset elements as well as multifactor auth elements is going to be the best course of action.
As far as getting beta/EA features enabled, a support ticket is the fastest way I've seen to get feature flags turned on. Just let them know which org and which feature.
We are also looking for this functionality. We have Okta mastered users that would benefit greatly by being able to reset their password with an SMS. The process to have them enroll their phones themselves would be lengthy and involved. It would simplify things to be able to back-load this data to allow the users this functionality.