The Forgot Password Email Does Not Contain the One-Time Password (OTP)
Last Updated:
Overview
When a user attempts the Forgot Password flow in order to reset the password, the email being sent from Okta contains an OTP code to be used instead of the link (in the form of a Reset Password button). When using API, the OTP is not being sent.
Applies To
- One-Time Password (OTP)
- Forgot Password flow
Cause
The forgot password email is triggered via API if sendEmail=true.
Solution
- If an end-user triggers the Forgot Password email using the option on the Sign-in page, the OTP will appear in the email sent by Okta.
- If the Forgot Password email is triggered via an API call, Okta's email does not contain the OTP and instead presents the Password Reset Link to the user.
