<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
How to Manage the Account Recovery Email Validity Period
Jan 12, 2026
Administration
Okta Classic Engine
Okta Identity Engine
Overview
This article presents how to manage the account recovery email validity period. 
 
Applies To
  • Password Reset
  • Account unlock emails
  • Reset/unlock recovery emails' validity
  • Okta Classic Engine
Solution

Follow the steps or video below.

  1. Go to Security > Authentication > select the Password Policy that needs to be changed, and click the Edit button.

Edit button

  1. In the Policy pop-up that appears, look for the Account Recovery section. Use the drop-down option to modify the reset/unlock recovery email validity lifespan.

Account Recovery


The validity of the Recovery token can also be managed via API as detailed here: Authentication UI - Recovery Token.

This was changed in Okta Identity Engine to 30 mins max for security reasons: https://support.okta.com/help/s/article/What-Is-the-Maximum-Lifetime-of-the-Email-Challenge-For-Email-Authenticator

Related References 

 

Recommended content

Still looking for help?
Loading
How to Manage the Account Recovery Email Validity Period