<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Not Receiving passwordChanged Attribute from Okta API for AD-Sourced Users
Jul 8, 2025
Administration
Okta Classic Engine
Okta Identity Engine
Overview

This article presents the difference between Okta-Sourced profile attributes and AD-Sourced profile attributes.

Applies To
  • Okta-Sourced Profile Attributes
  • AD-Sourced Profile Attributes
  • Active Directory
Cause

Okta-Sourced Attributes do not appear in authentication responses for AD-Sourced users.

Solution

This is an expected behavior. When users are sourced from Active Directory the password details are not stored in Okta. The passwordChanged attribute is an Okta attribute which means that it will not be included in the authentication response for AD-sourced users since the password details are handled on the AD side.

To let Okta discover attributes, they must be added to a user object, a parent object, or an auxiliary object in the directory.

When the schema discovery is completed, a list of the attributes that Okta has permission to discover in the directory is available.

Recommended content

Still looking for help?
Loading
Not Receiving passwordChanged Attribute from Okta API for AD-Sourced Users