This article addresses the default behavior for the email notifications template for Password Changed. It explains why it may not be sent when the Password Reset is completed through an Administrative API Endpoint.
- User Lifecycle Management
- Okta Users API
- Password Reset API
When the Password changed notification email setting under Security > General > Security Notification Emails is enabled and the Password Changed email template is configured, the default behavior is to send a Password Changed email notification when the change is user-initiated, including through the following endpoints:
- /api/v1/authn/credentials/change_password
- /api/v1/authn/credentials/reset_password
- /idp/idx/*
However, the Password Changed email notification is not sent when the change is requested through Administrative endpoints, including:
- /api/v1/users/{id}
- /api/v1/users/{id}/credentials/change_password
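To find integrations that change passwords without the user being notified, the two endpoint lists above can be applied to a record of outbound API calls. The following is an added example, not Okta code: the call-record shape (`method`, `path`, `body`) and the sample data are constructed, and treating a write to `/api/v1/users/{id}` as a password change only when the body carries `credentials.password` is an assumption of this sketch.

```python
import re

# Endpoint groups as listed in the article; {id} matches one path segment.
USER_INITIATED = [
    r"^/api/v1/authn/credentials/change_password$",
    r"^/api/v1/authn/credentials/reset_password$",
    r"^/idp/idx/.+$",
]
ADMIN_INITIATED = [
    r"^/api/v1/users/[^/]+$",
    r"^/api/v1/users/[^/]+/credentials/change_password$",
]

def classify(path):
    """Return 'user', 'admin' or None for a request path."""
    path = path.split("?", 1)[0].rstrip("/")
    if any(re.match(p, path) for p in USER_INITIATED):
        return "user"
    if any(re.match(p, path) for p in ADMIN_INITIATED):
        return "admin"
    return None

def sets_password(call):
    """Assumption: a write counts if it targets change_password or sends credentials.password."""
    if call["method"] not in ("POST", "PUT"):
        return False
    if call["path"].split("?", 1)[0].rstrip("/").endswith("/credentials/change_password"):
        return True
    creds = (call.get("body") or {}).get("credentials") or {}
    return "password" in creds

def silent_password_changes(calls):
    """Paths of admin-endpoint password changes that skip the default notification."""
    return [c["path"] for c in calls
            if classify(c["path"]) == "admin" and sets_password(c)]

# Constructed sample of outbound calls, not real traffic.
SAMPLE_CALLS = [
    {"method": "POST", "path": "/api/v1/authn/credentials/change_password", "body": {}},
    {"method": "POST", "path": "/api/v1/users/00uEXAMPLE1", "body": {"profile": {"nickName": "al"}}},
    {"method": "PUT", "path": "/api/v1/users/00uEXAMPLE2",
     "body": {"credentials": {"password": {"value": "<redacted>"}}}},
    {"method": "POST", "path": "/api/v1/users/00uEXAMPLE3/credentials/change_password", "body": {}},
    {"method": "GET", "path": "/api/v1/users/00uEXAMPLE4", "body": None},
]

if __name__ == "__main__":
    for path in silent_password_changes(SAMPLE_CALLS):
        print("no Password Changed email by default:", path)
```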
We do offer a feature that allows Password Changed emails to be sent for Admin-initiated password changes as well. Testing this in a Preview or UAT Okta org to verify the functionality before enabling it in a Production environment is strongly recommended. To enable this in the Okta org, please open a support case and include the following:
- Outline the expected and actual behavior observed, including steps to reproduce, confirming the exact API endpoints used, related screenshots, transaction IDs, etc.
- Specify the full Okta Org URL where permission is granted to make this change.
- Reference or link this article.
Okta Support will evaluate this request and will follow up if additional details are required to complete the request.
