User in One-Time Password Mode Still Able to Login
Overview
This article explains why a user in One-Time Password mode can still access applications.
Applies To
- Users
- Password Policy
- Applications
- Login
Cause
The user has not authenticated to Okta since their status changed. As a result, the user is not treated as having an expired password and can still access external applications through the SP-initiated flow.
Solution
The user must log in to the Okta Dashboard application directly. When they do, they are prompted to set a new password, which changes the user status from One-Time Password to Active.
This can be tracked in the logs by searching with the following query:
target.id eq "Okta_Dashboard_Application_Id" and eventType eq "user.authentication.sso" and actor.id eq "User_Id"
The Okta Dashboard ID can be found in the application page URL.
The User ID can be found in the URL when accessing the User Profile page.
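The log check above can also be scripted against the System Log API. The following is an added example, not Okta's own code: it builds the same filter and tests whether any Dashboard sign-in was logged after the status change. The org URL, IDs, timestamps and events are constructed placeholders, and the alphanumeric ID check is an assumption.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlencode

# Assumption: Okta object IDs are plain alphanumerics; rejecting anything else
# keeps stray quotes out of the filter expression.
ID_RE = re.compile(r"^[0-9A-Za-z]+$")

def build_filter(dashboard_app_id, user_id):
    for value in (dashboard_app_id, user_id):
        if not ID_RE.match(value):
            raise ValueError(f"unexpected character in ID: {value!r}")
    return (f'target.id eq "{dashboard_app_id}" and '
            f'eventType eq "user.authentication.sso" and actor.id eq "{user_id}"')

def logs_url(org_url, dashboard_app_id, user_id, since):
    # /api/v1/logs is the System Log API; "since" limits results to the period
    # after the user's status changed.
    query = urlencode({"filter": build_filter(dashboard_app_id, user_id),
                       "since": since.strftime("%Y-%m-%dT%H:%M:%SZ")})
    return f"{org_url.rstrip('/')}/api/v1/logs?{query}"

def dashboard_sso_since(events, dashboard_app_id, user_id, changed_at):
    """Events proving the user reached the Dashboard after the status change."""
    hits = []
    for ev in events:
        published = datetime.fromisoformat(ev["published"].replace("Z", "+00:00"))
        targets = ev.get("target") or []
        if (ev.get("eventType") == "user.authentication.sso"
                and ev.get("actor", {}).get("id") == user_id
                and any(t.get("id") == dashboard_app_id for t in targets)
                and published >= changed_at):
            hits.append(ev)
    return hits

# Constructed placeholder IDs and events, not real log data.
DASH, OTHER_APP, USER = "0oaDASHBOARD0000001", "0oaOTHERAPP00000001", "00uUSER000000000001"
CHANGED_AT = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
def make_event(app, ts):
    return {"eventType": "user.authentication.sso", "published": ts,
            "actor": {"id": USER}, "target": [{"id": app, "type": "AppInstance"}]}
SAMPLE = [make_event(DASH, "2024-04-30T08:00:00.000Z"),       # Dashboard, before the change
          make_event(OTHER_APP, "2024-05-01T10:00:00.000Z")]  # SP flow, after the change

if __name__ == "__main__":
    print(logs_url("https://example.okta.com", DASH, USER, CHANGED_AT))
    hits = dashboard_sso_since(SAMPLE, DASH, USER, CHANGED_AT)
    print("Dashboard sign-in since status change:", bool(hits))
```

An empty result for a user who is still signing in to other applications matches the condition described under Cause: the user has not yet been prompted to set a new password.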
