This article discusses converting user accounts whose provider is from a social Identity Provider (IdP) to Okta-mastered.
Converting user accounts to Okta-mastered will enable the management of user credentials that originated from social providers. This is particularly useful when using social logins for new user registrations, as it makes it easier for end users to register with the organization.
- Social Logins
- Identity Providers (IdPs)
- Converting social-provided accounts to Okta-mastered
VIA Okta Admin Dashboard UI
- Navigate to Directories > People and locate the desired user account.
- Click Reset or Remove Password.
- Select Send a reset password email.
- A password reset email will be sent to the end user. The end user can either reset the password via email or the Okta admin can create a temporary password for the end user. (The latter will require the end user to change the password with the next login.)
Via API
- Call the API for
/api/v1/users/{{userID}}/lifecycle/reset_password?sendEmail=falsewill transition the user to the PROVISIONED state and set OKTA as the credential provider.- NOTE: If sendEmaill=true, this will send the "Password Reset by Admin" email template.
- Call the API for
/api/v1/users/{{userID}}/lifecycle/reactivate?sendEmail=true.- Because the user is in a provisioned state, the "User Activation" email template will be sent to them.
- Either template will include an activation token that can be exchanged for a state token that will allow setting a new password through /api/v1/authn/credentials/reset_password.
NOTE: If the user details indicate that the profile is sourced by a different source, such as Active Directory, that user will need to be unlinked from their IdP. This can be performed in the console by selecting more actions for the user, then disconnecting from their IdP. This can also be done via APIs found in this documentation: Unlink a User from IdP.
