Okta Classic Engine | Okta Integration Network | Answered | 2024-03-25T23:41:55.000Z | 2018-07-06T06:57:52.000Z | 2018-08-12T04:14:58.000Z

th7vu (th7vu) asked a question.

Okta password change notification to downstream apps?
Is it possible to send out a "password changed" notification (i.e. user changes their own Okta password) from Okta to integrated downstream apps, e.g. Office 365? Such a notification will enable the downstream app (e.g. Azure) to invalidate the user's session or any active tokens the user may have.

  • Hi Jatin,

    With regards to password changes, Okta provides a Password Sync option for many apps that allow user provisioning. This includes the O365 application. As such, if you are not using Federation as your authentication method for Office 365, you can enable the Password Sync component in the provisioning tab.

    More information on the Password Sync can be found in our documentation here: https://support.okta.com/help/Documentation/Knowledge_Article/Password-Synchronization-Overview#OktaToApplicationSyncOktaPassword

    However, it is important to understand that Office 365 will not immediately revoke all sessions based on the user password changing, and will be based on the refresh token lifetime. As such, when the refresh token is used to revalidate the user's session, they will be prompted to re-authenticate. More information on this can be found here: https://support.office.com/en-us/article/session-timeouts-for-office-365-37a5c116-5b07-4f70-8333-5b86fd2c3c40

    If you are looking for another mechanism to forcefully terminate the sessions in O365 when they reset their password, you can look at the Okta and O365 PowerShell and utilise custom code to identify the user changing their password via a custom login page for Okta. When the password reset is successful, you can either update the O365 user password via the sync option above or via PowerShell and also, with PowerShell, terminate all Azure app sessions. The blog post below provides the PowerShell command at the end of the post.

    https://blogs.technet.microsoft.com/educloud/2017/06/14/how-to-kill-an-active-user-session-in-office-365/

    If the above is not the solution you are looking for, I would recommend raising a support ticket so we can discuss your use case in more detail.

    Thanks,

    Chris

    Selected as Best
This question is closed.
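
The approach described in the answer above, sketched in PowerShell as an added example that is not from the original thread or from Okta: it filters Okta System Log events for successful `user.account.update_password` entries and revokes the matching user's Azure AD refresh tokens. It assumes the AzureAD module with an active `Connect-AzureAD` session and that the Okta login equals the Azure AD UPN; the function names and the sample events are constructed for illustration.

```powershell
# Added example, not from the original thread. Assumes the AzureAD module is
# installed, Connect-AzureAD has been run, and the Okta login equals the
# Azure AD UPN. The events below are constructed samples in System Log shape.
$sampleEvents = @'
[
  {"uuid":"11111111-aaaa-bbbb-cccc-000000000001","published":"2018-07-06T07:00:00.000Z",
   "eventType":"user.account.update_password","outcome":{"result":"SUCCESS"},
   "target":[{"type":"User","alternateId":"alice@example.com"}]},
  {"uuid":"11111111-aaaa-bbbb-cccc-000000000002","published":"2018-07-06T07:01:00.000Z",
   "eventType":"user.account.update_password","outcome":{"result":"FAILURE"},
   "target":[{"type":"User","alternateId":"bob@example.com"}]},
  {"uuid":"11111111-aaaa-bbbb-cccc-000000000003","published":"2018-07-06T07:02:00.000Z",
   "eventType":"user.session.start","outcome":{"result":"SUCCESS"},
   "target":[{"type":"AppInstance","alternateId":"Office 365"}]}
]
'@ | ConvertFrom-Json

function Get-PasswordChangeTarget {
    # Return the logins whose password change succeeded, de-duplicated.
    # Failed attempts and unrelated event types are ignored.
    param([Parameter(Mandatory)] [object[]] $Events)
    $Events |
        Where-Object { $_.eventType -eq 'user.account.update_password' -and
                       $_.outcome.result -eq 'SUCCESS' } |
        ForEach-Object { $_.target | Where-Object { $_.type -eq 'User' } } |
        Select-Object -ExpandProperty alternateId -Unique
}

function Revoke-DownstreamSession {
    # Invalidate all Azure AD refresh tokens for each login received.
    # With -WhatIf the action is only previewed and no cmdlet is called.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $UserPrincipalName)
    process {
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Revoke all refresh tokens')) {
            $user = Get-AzureADUser -ObjectId $UserPrincipalName
            Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
        }
    }
}

# Preview against the constructed events; remove -WhatIf to act for real.
Get-PasswordChangeTarget -Events $sampleEvents | Revoke-DownstreamSession -WhatIf
```

Revoking refresh tokens does not cancel access tokens that have already been issued; those stay usable until they expire, so the cut-off is not instantaneous.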