<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Enable or Disable Self Service Password Reset Option For Okta End Users
May 19, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Overview

Administrators can enable or disable end users' ability to initiate self-service password resets in Okta. The configuration is managed through password policy rules for both the Okta Identity Engine (OIE) and the Okta Classic Engine.

 

NOTE: Okta requires the selection of the Password change (from account settings) option for Okta Identity Engine (OIE) and the change password option for Okta Classic Engine to display the self-service password reset checkboxes.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Password Policy Rules
  • Password Reset
Solution

How can administrators enable or disable self-service password reset for users in Okta Identity Engine (OIE)?

 

Navigate to the password authenticator settings in the Admin Console to modify the password policy rules and adjust the self-service password reset options.

  1. Log in to the Okta Admin Console and navigate to Security.
  2. Select Authenticators, and under the Setup tab, navigate to Password.
  3. On the right side of the Password authenticator, select Actions, then Edit.
  4. Scroll down to the bottom of the page and choose Add rule (or edit an existing rule).
  5. Locate the Users can perform self-service section.
  6. Select the options for Password change (from account settings) and Password Reset.
  7. Alternatively, clear the Password Reset option to disable the feature for end users assigned to the password policy.
  8. Under the Recovery Authenticators section, set Access Control to Authentication Policy, which utilizes the Okta Account Management policy to manage how users authenticate to reset passwords.
  9. Alternatively, select the legacy rule option to allow specific factors to initiate recovery.

Recovery factor

 

 

How can administrators enable or disable self-service password reset for users in Okta Classic Engine?

 

Navigate to the authentication settings in the Admin Console to modify the password policy rules and adjust the self-service password reset options.

  1. Log in to the Okta Admin Console and navigate to Security.
  2. Select Authentication, then choose the Password Policy tab.
  3. Scroll down to the bottom of the page and choose Add rule (or edit an existing rule).
  4. Locate the Users can section.
  5. Select the options for change password and perform self-service password reset.
  6. Alternatively, clear the perform self-service password reset option to disable the feature for end users assigned to the password policy.

Edit rule

 

 

Related References

Recommended content

Still looking for help?
Loading
Enable or Disable Self Service Password Reset Option For Okta End Users