<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Prevent Setting Blank or Null Password via Users API Call within Okta
Apr 29, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Overview

This article clarifies whether the Users API is able to save null or blank passwords. An administrator is attempting to update a user's password using one of the following methods, which results in the user's password being set to a blank or null value:

PUT api/v1/users/<USER_ID>

POST api/v1/users/<USER_ID>

API call 

 

Applies To
  • Users API
  • Adding a blank or null password
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
Cause

The ability to save blank or null passwords to users via an API call is allowed because the PREVENT_SETTING_BLANK_PASSWORD_ON_USER_UPDATE feature is disabled. When this feature is disabled, the administrator is able to save blank or null passwords to users via an API call.

Solution

Contact Support to enable the feature PREVENT_SETTING_BLANK_PASSWORD_ON_USER_UPDATE.

After the feature is enabled, the result prevents the saving of blank or null passwords.

Postman

Related References

Recommended content

Still looking for help?
Loading
Prevent Setting Blank or Null Password via Users API Call within Okta