<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008C3jlTSAROkta Classic EngineDevices and MobilityAnswered2024-04-30T09:18:25.000Z2015-09-04T05:54:14.000Z2018-08-12T04:15:13.000Z

j5v7c (j5v7c) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Setting Up A Mobile - AD Password Reset Link
 

Hello there - we've been using Okta successfully for a while and are embarking on some discovery with the self-service password reset functionality. 

 

We are AD Mastered, and the service account has the correct permissions to change AD passwords. Codes can be sent to registered SMS device and this has been tested without issue.  The main thing I think I'm missing is: Where the reset password on the Okta Mobile App?  I don't see a link and if I provide correct org name and ID but wrong password, it just dumps back to Sign In page without option to reset.

 

On a mobile browser, I can access link and everything works as envisioned. Is there a reason a reset link is not provided for Okta Mobile?  I'd like to get user comfortable with a one-stop app, vs: go here for *this* use-case...

 

Original Author: Jody Tyrus

 
  • 3 answers
  • 1.54K views

  • j5v7c (j5v7c)

     

    Hey Ed,

     

    So to be clear, what we have recently released is the ability to change your AD password from Okta Mobile. You must know your current AD password to execute that flow. We have not introduced a "Forgot my password" flow into Okta Mobile yet. There are security considerations that must be addressed in order to safely execute that flow. If the phone is lost or stolen and unlocked, then a malicious agent would have access to both email and MFA to make an unauthorized password change. Once we introduce Touch ID or other non-device dependent auth gate then we will begin to look at "Reset my password" from the device.

     

    Original Auhtor:  Arturo Hinojosa, Okta

     
    Expand Post
    Selected as Best

  • j5v7c (j5v7c)

     

    Hi Jody,

     

    Glad to hear you are happy with Okta so far!

     

    Unfortunately there is no link to reset your password through Okta Mobile today - however, that's an option that we plan to add in the next 30 or 60 days.

     

    If you send me your contact information to arturo.hinojosa@okta.com(mailto:arturo.hinojosa@okta.com) I can send you a note when the password reset link is due to be released.

     

    Origintal Author:  Arturo Hinojosa, Okta

     
    Expand Post

  • j5v7c (j5v7c)

     

    Interesting ... there are perhaps 2 different use case(s) here ...

     
    1. Forgotten AD password reset which prevents user from registering and accessing Okta mobile for the 1st time (because the 'registration/ 1st access' page requires you to enter org name/ ID and AD password, or after sign out- but this is infrequent.)
    2. Forgotten AD password reset which does NOT prevent user from accessing Okta mobile on 2nd and subsequent attempts, because access is now protected by mobile pin, but where the user cannot use Windows desktop or Okta browser (use cases) and wants to use Okta Mobile as a secondary device/ route to reset forgotten AD password
     

    Don't know how useful 2 would be (it can be acheived in the Okta browser) and I can see a problem - (we don't know if they have forgotten their mobile pin as well or not,) or whether it should be before or after the "Enter your PIN" page

     

    Original Author:  Edward Holliday, Okta

     
    Expand Post

  • j5v7c (j5v7c)

     

    Hey Ed,

     

    So to be clear, what we have recently released is the ability to change your AD password from Okta Mobile. You must know your current AD password to execute that flow. We have not introduced a "Forgot my password" flow into Okta Mobile yet. There are security considerations that must be addressed in order to safely execute that flow. If the phone is lost or stolen and unlocked, then a malicious agent would have access to both email and MFA to make an unauthorized password change. Once we introduce Touch ID or other non-device dependent auth gate then we will begin to look at "Reset my password" from the device.

     

    Original Auhtor:  Arturo Hinojosa, Okta

     
    Expand Post
    Selected as Best
This question is closed.
Loading
Setting Up A Mobile - AD Password Reset Link