This article explains how to set up Breached Password Protection in a password policy.
- Breached password protection
- Password policy
Okta Identity Engine
- In the Admin Dashboard, navigate to Security > Authenticators > Password > Actions > Edit.
- Identify the password policy for which this feature should be enabled and press Edit.
- Under Password Security, enable Breached Password Protection by checking the box for "Expire the password after this many days" or "Take custom actions using Workflows".
Okta Classic Engine
- In the Admin Dashboard, navigate to Security > Authentication > Password.
- Identify the password policy for which this feature should be enabled and press Edit.
- Under Password Security, enable Breached Password Protection by checking the box for "Expire the password after this many days" or "Take custom actions using Workflows".
Configuration Settings
- The "Expire the password after this many days" setting allows admins to set the number of days users can sign in with breached credentials. This numerical value can be between 0 and 10 days.
- The "Take custom actions using Workflows" setting requires an existing workflow to be selected before the password policy can be saved.
NOTE: These two settings can be used at the same time, allowing admins to expire the user password and log out users from Okta immediately while taking custom actions using workflows.
