How to set or change the Password and Expired Password flows using the "Password is managed by a different application" option. This is configured from Admin Dashboard > Customization > Other, under the User Account section. This applies to Okta and AD-mastered users.
- Okta Classic Engine
- Chrome/Firefox
- Self Service Recovery Password (SSRP) enabled
1. In the Okta Admin dashboard, navigate to the Customizations menu, then select Other. Under User Account, select the Identity Source and click Edit. This applies to Okta and AD-mastered users.
2. Under password management, select Password is managed by a different application.
   - In the CHANGE PASSWORD section, add the Custom Message, Custom link label, and Custom Link URL.
   - In the EXPIRED PASSWORD section, add the Password reset website name and Link URL.
3. In both cases, the Custom Link URL should point to an IFrame page that will be displayed in the Okta end-user dashboard. For example: https://mycustomsite.com/iframe-embed
4. Click Save.
5. Add the custom site as an origin: from the Okta Admin dashboard, navigate to Security > API > Trusted Origins, click +Add Origin, and add the custom application site from step 3. For example: https://mycustomsite.com. Make sure to enable CORS, Redirect, and IFrame, and then click Save.
6. Make sure the Password Policy allows Self-Service Recovery Password.
7. Go to the Okta Users dashboard.
   - For users changing their password from the end-user dashboard, go to Settings and click the Change Password link. The custom IFrame page is opened from the end-user's dashboard.
   - For users whose passwords expire automatically due to a password policy, the end-user dashboard will redirect to a custom page to allow the user to reset their password externally.
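Because the password page is rendered inside the Okta end-user dashboard, the browser will only display it if the custom site's own response headers permit framing by the Okta org, and a password page that any site can frame is exposed to clickjacking. The following is an added example, not part of the original article or of Okta's tooling: it derives the origin to register from the Custom Link URL and classifies a set of response headers. The function names, the sample headers and the org URL `https://example.okta.com` are assumptions.

```python
from urllib.parse import urlsplit

def trusted_origin(link_url):
    """Origin (scheme://host[:port]) to register for the Custom Link URL."""
    parts = urlsplit(link_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Custom Link URL must be an absolute https:// URL")
    port = f":{parts.port}" if parts.port not in (None, 443) else ""
    return f"https://{parts.hostname}{port}"

def _matches(source, origin):
    # Handles exact origins and https://*.suffix host wildcards only;
    # ports and paths inside a source expression are not evaluated.
    if source.startswith("https://*."):
        return origin.startswith("https://") and origin.endswith(source[len("https://*"):])
    return source == origin

def check_framing(headers, okta_origin):
    """Return 'ok', 'blocked' or 'too-permissive' for the embedded page's headers."""
    headers = {k.lower(): v for k, v in headers.items()}
    okta_origin = okta_origin.lower()
    for directive in headers.get("content-security-policy", "").split(";"):
        tokens = directive.lower().split()
        if tokens and tokens[0] == "frame-ancestors":
            # Browsers give frame-ancestors precedence over X-Frame-Options.
            if any(t in ("*", "https:", "http:") for t in tokens[1:]):
                return "too-permissive"
            return "ok" if any(_matches(t, okta_origin) for t in tokens[1:]) else "blocked"
    if headers.get("x-frame-options", "").strip().lower() in ("deny", "sameorigin"):
        return "blocked"  # the dashboard iframe would stay empty
    return "too-permissive"  # no effective restriction: any site may frame the page

OKTA_ORG = "https://example.okta.com"  # assumed placeholder for the Okta org URL
SAMPLES = {  # constructed response headers for the custom iframe page
    "restricted to org": {"Content-Security-Policy": "default-src 'self'; frame-ancestors https://example.okta.com"},
    "framing denied": {"X-Frame-Options": "DENY"},
    "no protection": {"Content-Type": "text/html"},
    "wildcard": {"Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    print("Trusted Origin:", trusted_origin("https://mycustomsite.com/iframe-embed"))
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {check_framing(hdrs, OKTA_ORG)}")
```

A result of `blocked` means the IFrame will not render in the dashboard; `too-permissive` means it will render but the page can also be framed by other sites.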
