The Password Policy allows admins to configure how complex a user's password needs to be. Complex passwords increase the security of users' accounts. This article explains whether Okta can automatically ask a user to reset their password when it does not meet the password complexity requirements.
- Password Policy
Okta does not support forced password resets for users whose passwords no longer meet the requirements. By design, Okta evaluates the password policy only when a user signs in.
When the password complexity requirements are updated, the expected behavior is that Okta evaluates the password policy only when the user needs to update their Okta password, either through a self-service password reset or when the user's password expires. Simply put, Okta enforces the configured password requirements only when a user sets a new password.
