Okta Classic Engine | Multi-Factor Authentication | Answered | 2024-04-30T09:18:25.000Z | 2015-09-23T13:56:44.000Z | 2017-08-03T23:25:24.000Z
How to use pre-populated phone/email for SMS password self service?
We are having a large issue with Password Self Service adoption due to the requirement for a full registration PRIOR to using the password self service.

 

In our environment, we tightly manage cell phone data and email address data and synchronize it to AD and/or OKTA (depending on whether it's work or personal).

 

We would like to be able to pre-register the cell phone and/or email in the user's profile so it can immediately be used for password self service. 

 

How can I make that happen?

 

If it's not possible, what are some options for improving adoption? 

 

More info about our audience: 

We have a large population of "offshore" users who only occasionally log in to do things like update HR data or view evaluations.  Since we have made OKTA the authentication source, if they haven't logged into OKTA for a YEAR, then their password has expired (even if they remember it).


  • @Shawn Unfortunately that is not a feature that Okta supports right now. While you can use the API to populate phone numbers, these are not the numbers which are used for SMS-based MFA.

     

    So, how can you increase adoption? One way is to use a new feature we have in beta right now: MFA Enrollment Policy. This allows an admin to require that certain MFA methods be enrolled upon first login into Okta. This way, users can be forced to enroll on day one, regardless of whether they have had an opportunity to use MFA yet.

     

    Eric Karlinsky, Technical Marketing Manager, Okta
  • wjt35 (wjt35)

    How do I get access to that in my Preview tenant?

  • svcV.75126 (Customer)

    Shawn, 

     

    Are your users AD or Okta mastered?

     

    If they are Okta mastered, you could potentially prepopulate the security question answer, as it is part of the credential object (it would require using the API). This would of course require a high degree of confidence that you know something that you could ask the user that only they would know. From a security perspective I would say this is a bad idea in most cases.

     

    I think Eric is spot on.  Ensuring that your users have established password reset elements as well as multifactor auth elements is going to be the best course of action.

     

    As far as getting beta/EA features enabled, a support ticket is the fastest way I've seen to get feature flags turned on. Just let them know which org and which feature.
  • wjt35 (wjt35)

    Our users are AD mastered.  From what I understand, using the password reset question would require the API to prepopulate as well as to utilize it on the user side.  We aren't developers, I'm afraid.

     

    As for forcing the registration, that's fine for people who already know their password (which is not the audience of this question).

     

    The intent is to get users to be able to have a mechanism of getting their password even if they don't know it and haven't registered yet. 

     

    It REALLY would be good to be able to push a "Cell Phone Number" into their self service process.  Since we either issue a cell phone or track a personal cell phone number, it IS something secure.

     

    Please consider this a feature request.

     

    Oh, and if this were possible through the API, I'd learn how to use it JUST FOR THAT.  🙂

  • 4h1ee (4h1ee)

    This currently isn't possible, but we would use this feature as well if it was available.
  • 3tc6v (3tc6v)

    We haven't got this requirement at present, but it would certainly be a welcome feature in a future release.
  • Orph351 (Customer)

    We would likely use this feature if it existed as well.
  • Rob Butterworth (Amadeus Capital Partners)

    I'd like to be able to do this in general - pre-register end-user mobile devices for MFA.  Unless I've missed something?  Right now I have to help each user set theirs up.
  • j5v7c (j5v7c)

    Is it possible to use UD and map the AD phone attribute to Okta SMS?
  • We use Exchange and have it set up to automatically set up their Exchange email on their cell phone (device) when they sign into the Okta Mobile App. Is that what you mean?
This question is closed.