<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Security Questions as the First Option in Okta Self-Service Password Reset
Mar 11, 2026
Administration
Okta Identity Engine
Okta Classic Engine
All Engines
Overview

Administrators cannot configure security questions as the primary authentication method for resetting passwords through Okta Self-Service Password Reset (SSPR). The system requires a different primary factor but permits security questions as a secondary authentication option.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Self-Service Password Reset (SSPR)
  • Security Question Authenticator
Solution

Can security questions function as the primary option for password resets?

Okta restricts the use of security questions as the initial authentication step during a password reset. Administrators must configure a different factor for the primary step. However, administrators can configure security questions as the secondary SSPR option.

Related References

Recommended content

Still looking for help?
Loading
Security Questions as the First Option in Okta Self-Service Password Reset