<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008S327KSAROkta Classic EngineUniversal DirectoryAnswered2018-10-19T17:11:28.000Z2018-10-09T15:15:17.000Z2018-10-19T17:11:28.000Z

gedgmond (Habitat for Humanity International) asked a question.

October 9, 2018 at 3:15 PM
Account unlock propagation

When a user gets locked, I see the lock get propagated into Okta. However, when our external end user support organization unlocks them, I do not see this unlock propagate into Okta, where they remain locked. Is there a setting for this? Also, I have Okta-mastered people who lock themselves by saving (wrong) passwords in their phones. What is the process to enable them to self service (assuming they have a secondary email and secret question)?

  • 2 answers
  • 2.31K views

  • bj.lillo1.5120064354347244E12 (Okta, Inc.)

    Geoff,

     

    What you're seeing with account unlocking is expected behavior. There is a setting on your Okta password policies for these AD users which would unlock them in both Okta and AD when you unlock the account via Okta.

     

    To enable self service, go to your Okta Admin portal > Security > Authentication > select the appropriate password policy for the users in question > and configure the options found in the ACCOUNT RECOVERY section according to your organization's needs.

     

    BJ Lillo

    Senior Technical Support Engineer

    Okta Global Customer Care

    Expand Post
    Selected as Best

  • bj.lillo1.5120064354347244E12 (Okta, Inc.)

    Geoff,

     

    What you're seeing with account unlocking is expected behavior. There is a setting on your Okta password policies for these AD users which would unlock them in both Okta and AD when you unlock the account via Okta.

     

    To enable self service, go to your Okta Admin portal > Security > Authentication > select the appropriate password policy for the users in question > and configure the options found in the ACCOUNT RECOVERY section according to your organization's needs.

     

    BJ Lillo

    Senior Technical Support Engineer

    Okta Global Customer Care

    Expand Post
    Selected as Best

  • gedgmond (Habitat for Humanity International)

    I also see where I can set an automatic unlock in 60 minutes. My concerns is that last time I changed the policy, it sent email to everyone in Okta that had not set a recovery password and secret question. Will it do that again if I change the policy to automatically unlock in 60 minutes?

    Geoff Edgmond
    Information Security
    Habitat for Humanity International
    121 Habitat St.
    Americus, Georgia 31709

    gedgmond@habitat.org<mailto:gedgmond@habitat.org> http://www.habitat.org<http://www.habitat.org/>
    Expand Post
This question is closed.
Loading
Account unlock propagation