On Okta Identity Engine (OIE) tenants, to reset a user's password and send a reset password email, the Okta admin must open the Okta user profile and click the Reset or Remove password button displayed under the username.
After the button is pressed, make sure to check the Send a reset password email option so that the user will receive an email with the password reset link. In OIE, the lifespan of the password reset link is hardcoded to 1 hour, and it is not possible to modify it from the Okta admin dashboard.
- Okta Identity Engine (OIE)
- Password reset link lifespan
NOTE: This is just an example. This information should be used at one's own discretion and risk, as the steps could change whenever a product update is released. Okta strongly advises against deploying this in production environments. It is highly recommended to test this in a test/preview environment. All instructions are provided AS IS without warranty of any kind. Okta disclaims all implied warranties, including, without limitation, any implied warranties for a particular purpose.
In OIE, currently, the only way of changing the lifespan of the password reset link is through an API call.
1. Access the Authenticators section of the OIE Okta tenant, click on the Actions link, and then Edit. Under the Add New Password Policy button, search for the password policy that needs to be modified, and make a note of the name of the policy.
2. Install Postman and the Policy API collection. After the collection is added in Postman, access the Policy collection, and under the Password folder, click on the Get Password Policies option and click Send. In the received API response, search for the password policy name and copy the policy ID value.
3. In Postman, under the Password folder, click on Get Policy. In the API endpoint field, replace the {{policyId}} part with the policy ID value copied earlier, and click Send. After the response is received, copy it entirely.
4. In Postman, under the Password folder, click on the Update Password Policy option. In the API endpoint field, add the policy ID obtained in step 2. Click on the Body tab and delete/replace everything with the API response copied from step 3. Do not click Send yet.
5. Before sending this information to Okta, look for this parameter in the API response text:
   "tokenLifetimeMinutes": 70
6. This parameter manages the lifespan of the password reset link. In this example, it is set to 70 minutes. Feel free to change the value to whatever is required. Do not make any other changes!
7. After the change is done, click Send. In this example, the value is changed from 70 minutes to 90 minutes.
8. Since the API call was successful, there is no need to check. However, by redoing step 3 only one more time (do not forget to add the policy ID), the value will appear updated now in the response.
NOTE:
- Okta does not support displaying the lifespan of the password reset link in minutes, only in hours. Hence, setting minutes that do not represent whole hours (for example, 70 min., 99 min., 135 min., etc.) will not be visible in the user interface, so Okta recommends setting this value in hours (for example, 60 min., 120 min., 180 min., etc.) to avoid confusion.
- The tokenLifetimeMinutes minimum is 60 minutes, and the maximum is 300000 minutes.
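The same read-modify-write sequence as the Postman steps, scripted as an added example (not Okta's own code), with the limits and the whole-hours recommendation from the notes enforced before anything is sent. Assumptions: the environment variable names `OKTA_ORG_URL` and `OKTA_API_TOKEN` are hypothetical, authentication uses an SSWS API token, and the policy JSON contains exactly one `tokenLifetimeMinutes` key.

```python
import copy
import json
import os
import urllib.request

KEY, MIN_MINUTES, MAX_MINUTES = "tokenLifetimeMinutes", 60, 300000  # limits from the note

def visit_lifetimes(node, new=None):  # collect each KEY value; overwrite when new is set
    found = []
    if isinstance(node, dict):
        if KEY in node:
            found.append(node[KEY])
            if new is not None:
                node[KEY] = new
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            found += visit_lifetimes(item, new)
    return found

def set_token_lifetime(policy, minutes, whole_hours_only=True):
    """Return (copy of policy with only the lifetime changed, previous value)."""
    if not MIN_MINUTES <= minutes <= MAX_MINUTES:
        raise ValueError(f"{KEY} must be between {MIN_MINUTES} and {MAX_MINUTES}")
    if whole_hours_only and minutes % 60:
        raise ValueError("not a whole number of hours; the admin UI cannot show it")
    updated = copy.deepcopy(policy)
    old = visit_lifetimes(updated, minutes)
    if len(old) != 1:  # assumption: a password policy carries exactly one such key
        raise ValueError(f"expected one {KEY}, found {len(old)}")
    return updated, old[0]

def okta(method, path, body=None):
    """Call the Okta API; OKTA_ORG_URL / OKTA_API_TOKEN are assumed variable names."""
    req = urllib.request.Request(
        os.environ["OKTA_ORG_URL"].rstrip("/") + path, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": "SSWS " + os.environ["OKTA_API_TOKEN"],
                 "Accept": "application/json", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def update_reset_link_lifetime(policy_name, minutes):
    policies = okta("GET", "/api/v1/policies?type=PASSWORD")    # step 2: find the ID
    policy_id = next(p["id"] for p in policies if p["name"] == policy_name)
    current = okta("GET", f"/api/v1/policies/{policy_id}")      # step 3: full policy
    updated, old = set_token_lifetime(current, minutes)         # steps 5-6: one field
    okta("PUT", f"/api/v1/policies/{policy_id}", updated)       # steps 4, 7: send it
    return old, visit_lifetimes(okta("GET", f"/api/v1/policies/{policy_id}"))  # step 8
```

`update_reset_link_lifetime("<policy name>", 120)` returns the previous value and the value read back after the update; run it against a preview tenant first, as the note above advises.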
