<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UloSAFOkta Classic EngineIntegrationsAnswered2024-04-30T09:18:25.000Z2017-07-16T02:05:07.000Z2020-07-17T17:41:05.000Z

RajivP.56101 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Password reset when "Challenge Question" has not been set
Hi. We have a very lightweight low-security app, for which we've created a bunch of users using the Create-User-With-Password API detailed here:

https://developer.okta.com/docs/api/resources/users.html#create-user-with-password

 

Notably, there is no recovery question/answer set, because we want to make the user-signup process as simple and quick as possible.

 

Now, when the above users try to reset their password, they receive the email successfully, but are then prompted to answer a non-existant "Forgotten Password Challenge", which they have no idea how to fill.

 

Is this expected? How can a user reset his password when he doesn't have any recovery question set up?
  • 3 answers
  • 3.38K views
njjjl and kslj8 like this.

  • j5v7c (j5v7c)

    Hi Rajiv

     

    This is something that we've had requested a few times more recently and we are working on options to configue optionally the need for the security question to be answered. There was a little while ago a small beta test where a feature flag DISABLE_SECURITY_QUESTION_FOR_RECOVERY could be switched on. You might like to get in touch with support to see if this can be used.

     

    Some customers might not like this as it does obviously lower the security posture, but for some use cases like yours it might be suitable.

     

    Thanks, Kevin
    Expand Post

  • kekh4 (kekh4)

    I would like to use this feature....Any updates on this?

  • AmitR.70671 (Customer)

    Is there any update on this feature, to disable challenge/recovery questions incase of forgot password flow?

This question is closed.
Loading
Password reset when "Challenge Question" has not been set