Okta Classic Engine | Administration | Answered | 2024-04-17T13:05:52.000Z | 2018-07-20T19:21:54.000Z
Password reset for a different Directory integration
Currently have a scenario where we SSO login to our main domain with AD Directory integration, but we have a second datacenter AD domain with Directory Integration that we manage and we'd like an Okta application link that allows a user to reset their password for that secondary domain.

If I manually go to /login/do-login and click 'need help logging in' and follow the reset password prompt, the user is able to send the reset password email and reset their password on their own, but attempting to craft an Okta Application to go directly to /signin/forgot-password gives the user a 'You do not have permission to perform the requested action'.

 

Is there a way to make this happen without setting up a custom webpage?

 

Thanks,

  • DanSacui (Vendor Management)

    Hello, in order to perform a self-service password reset for your second domain, a few conditions have to be met.

    The first way of achieving this would be to get in touch with professional services to have this set up; you can open a support ticket for additional details.

    The other way of achieving this would be to connect your ADs together with various connectors from Microsoft to be able to allow an account to have permissions to change the password across multiple domains.

    The reason why you are currently getting the error is because your main AD domain changes the passwords in this AD using a service account. This service account does not currently have permissions to change the passwords in the second.

     

    Thanks,

    Dan
This question is closed.