This article addresses the issue where users who reset their Active Directory (AD) or Azure Active Directory (AAD) password are required to re-authenticate through Okta. This re-authentication applies to all of the user's Windows devices and apps, which can be challenging for users who utilize Microsoft Teams phones.

• Single Sign-On (SSO)

The behavior is by design, as session validity after login is managed by the service provider (SP), in this case, Active Directory. A password reset event invalidates existing sessions, requiring users to re-authenticate.

Users should re-authenticate through Microsoft after the password change. This process is required to establish new sessions and ensure the user's devices and apps continue to function properly.

Related References

• Provision users to Office 365