This article describes how to enable or disable the ability for end users to initiate self-service password resets.
- Password Policy Rules
- Password reset
NOTE: To ensure that users can perform a Self-service Password reset, make sure that the fields Password change (from account settings) for Okta Identity Engine (OIE) and change password for Classic are checked, or the other option checkboxes will not be available.
Okta Identity Engine (OIE)
- Log in to the Admin Dashboard and navigate to Security.
- Select Authenticators, and under the Setup field, navigate to Password.
- On the right side of the Password authenticator, select Actions, then Edit.
- Scroll down to the bottom of the page and choose Add rule (or edit an existing rule).
- Locate the Users can perform self-service section.
- Check the options for Password change (from account settings) and Password Reset.
- Alternatively, uncheck the Password Reset option to disable self-service password reset for end users to whom the password policy is applied.
- Under the Recovery Authenticators section, Access Control can be set to Authentication Policy, which utilizes the Okta Account Management policy to manage how users can authenticate to reset their password.
- The alternative is to use this rule (legacy), the legacy method of allowing certain factors to initiate recovery.
Okta Classic Engine
- Log in to the Admin Dashboard and navigate to the Security tab.
- Select Authentication > Password Policy (tab).
- Scroll down to the bottom of the page and choose Add rule (or edit an existing rule).
- Locate the Users can section.
- Check the options for change password and perform self-service password reset.
- Alternatively, uncheck the perform self-service password reset option to disable the option for end users to whom the password policy applies.
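To confirm the result of either procedure across many rules, the settings can be read back as JSON and audited. The following is an added example, not code from Okta or from this article; it assumes the rule shape of the Okta Policies API (`actions.passwordChange.access`, `actions.selfServicePasswordReset.access` and, on OIE, `requirement.accessControl`), and the sample rules are constructed.

```python
import json

# Constructed sample: rule objects in the shape assumed for the Okta Policies API
# (GET /api/v1/policies/{policyId}/rules on a PASSWORD policy). All values are made up.
SAMPLE_RULES = json.loads("""
[
  {"name": "Default Rule", "status": "ACTIVE",
   "actions": {"passwordChange": {"access": "ALLOW"},
               "selfServicePasswordReset": {"access": "ALLOW",
                   "requirement": {"accessControl": "LEGACY"}}}},
  {"name": "Contractors", "status": "ACTIVE",
   "actions": {"passwordChange": {"access": "ALLOW"},
               "selfServicePasswordReset": {"access": "DENY"}}},
  {"name": "Kiosk", "status": "ACTIVE",
   "actions": {"passwordChange": {"access": "DENY"},
               "selfServicePasswordReset": {"access": "ALLOW",
                   "requirement": {"accessControl": "AUTH_POLICY"}}}},
  {"name": "Old rule", "status": "INACTIVE",
   "actions": {"selfServicePasswordReset": {"access": "ALLOW"}}}
]
""")


def audit_rule(rule):
    """Return (sspr_enabled, findings) for one password policy rule."""
    actions = rule.get("actions", {})
    # A missing passwordChange entry is treated as denied here (assumption).
    change = actions.get("passwordChange", {}).get("access", "DENY")
    sspr = actions.get("selfServicePasswordReset", {})
    enabled = rule.get("status") == "ACTIVE" and sspr.get("access") == "ALLOW"
    findings = []
    if rule.get("status") != "ACTIVE":
        findings.append("rule inactive: settings have no effect")
    elif enabled:
        if change != "ALLOW":  # the NOTE above: reset depends on password change
            findings.append("reset allowed while password change is denied")
        if sspr.get("requirement", {}).get("accessControl") == "LEGACY":
            findings.append("recovery uses legacy rule-level access control")
    return enabled, findings


def audit(rules):
    """Map each rule name to its (sspr_enabled, findings) result."""
    return {r.get("name", "?"): audit_rule(r) for r in rules}


if __name__ == "__main__":
    for name, (enabled, findings) in audit(SAMPLE_RULES).items():
        print(f"{name}: SSPR {'enabled' if enabled else 'disabled'}", *findings, sep="\n  - ")
```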
