How to use pre-populated phone/email for SMS password self service? Skip to main content
https://support.okta.com/help/answers?id=906f0000000blrriai&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Shawn SaucierShawn Saucier 

How to use pre-populated phone/email for SMS password self service?

We are having a large issue with Password Self Service adoption due to the requirement for a full registration PRIOR to using the password self service.

In our environment, we tightly manage cell phone data and email address data and synchronize it to AD and/or OKTA (depending on whether it's work or personal).

We would like to be able to pre-register the cell phone and/or email in the user's profile so it can immediately be used for password self service. 

how can I make that happen?

If it's not possible, what are some options for improving adoption? 

More info about our audience: 
We have a large population of "offshore" users who only occasionally log in to do things like update HR data or view evaluations.  Since we have made OKTA the authentication source, if they haven't logged into OKTA for a YEAR, then their password has expired (even if they remember it).
Eric KarlinskyEric Karlinsky (Okta, Inc.)
@Shawn Unfortunately that is not a feature that Okta supports right now. While you can use the API to populate phone numbers, these are not the numbers which are used for SMS-based MFA.

So, how can you increase adoption? One way is to use a new feature we have in beta right now: MFA Enrollment Policy. This allows an admin to require that certain MFA methods be enrolled upon first login into Okta. This way, users can be forced to enroll on day one, regardless of whether they have had an opportunity to use MFA yet.

Eric Karlinsky, Technical Marketing Manager, Okta
Shawn SaucierShawn Saucier
How do I get access to that in my Preview tenant?
api-workday api-workdayapi-workday api-workday
Shawn, 

Are your users ad or okta mastered?

if they are okta mastered you could potentially prepopulate the security question answer as it is part of the credential object (it would require using the API). This would of course require a high degree of confidence that you know something that you could ask the user that only they would know. From a security perspective i would say this is a bad idea in most cases.

I think Eric is spot on.  Ensuring that your users have established password reset elements as well as multifactor auth elements is going to be the best course of action.

As far as getting beta/EA features enabled, a support ticket is the fastest way i've seen to get feature flags turned on. Just let them know which org and which feature.
Shawn SaucierShawn Saucier
Our users are AD mastered.  From what I understand, using the password reset question would require the API to prepopulate as well as to utilized it on the user side.  We aren't developers I'm afraid.

As for forcing the registration, that's fine for people who already know their password (which is not the audience of this question).

The intent is to get users to be able to have a mechanism of getting their password even if they don't know it and haven't registered yet. 

It REALLY would be good to be able to push a "Cell Phone Number" into their self service process.  Since we either issue a cell phone or track a personal cell phone number, it IS something secure.

Please consider this a feature request.

Oh, and if this were possible through the API, I'd learn how to use it JUST FOR THAT.  :)
Jeremy SmallJeremy Small
This currently isn't possible, but we would use this feature as well if it was available.
James SmithJames Smith
We havent got this requirement at present but it would certainly be a welcome feature in a future release.
Or CingilliOr Cingilli
We would likely use this feature if it existed as well.
Rob ButterworthRob Butterworth
I'd like to be able to do this in general - pre-register end-user mobile devices for MFA.  Unless I've missed something?  Right now I have to help each user set theirs up.
Rajasekar Nagalingam (admin)Rajasekar Nagalingam (admin)
Is it possible to use UD and map the AD phone attribute to Okta SMS? 
Kristin BakerKristin Baker
We use exchange and have it set up to automatically setup their exchange email on their cell phone (device) when they sign into the Okta Mobile App. Is that what you mean?
Erica ChristiansenErica Christiansen
The idea of letting a user reset their password on their own makes me very nervous. I am not sure I would like that. 
Rocky ReyesRocky Reyes
We currently do not use Okta to manage our mobile devices. Can we still leverage this feature?
Eric HenriksenEric Henriksen
We are also looking for this functionality. We have Okta mastered users that would benefit greatly by being able to reset their password with an SMS. The process to have them enroll their phones themselves would be lengthy and involved. It would simplify things to be able to back-load this data to allow the users this functionality.
Parth SwadasParth Swadas
Also we can consider OKTA verify for receiving OTP's.

A feature request is already submitted for this.
Shawn SaucierShawn Saucier
Any updated comment on OKTA on the roadmap for this requested feature?