<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Self-Service Password Reset Shows Unenrolled Authenticators
Dec 3, 2025
Okta Identity Engine
Administration
Overview

When a user attempts to reset a password after selecting Forgot password?, options to reset via email and Okta Verify appear. This occurs even if the user has not enrolled in Okta Verify.

Applies To
  • Okta Identity Engine
  • Self-Service Password Reset
Cause

This behavior is controlled by the password policy and the Okta Account Management Policy settings.

Solution

Use the following Okta Account Management Policy rule expression:

accessRequest.operation == 'recover'

This expression ensures that the policy rule applies specifically to recovery scenarios. When combined with the authenticator settings in the rule, Okta only presents the recovery options that the user enrolled in during these flows.









Related References


Recommended content
Still looking for help?
Loading
Self-Service Password Reset Shows Unenrolled Authenticators