00u4aox71wR7nIpTt0x71.457467462818523E12 (Customer) asked a question.
Don't require security question upon account creation
Hello,
We use the Postman and the Okta API to create our user accounts. Is there a way to not require the creation of a security question when the user logs into their account for the first time? Requiring a cell phone number would be fine. The problem with the security question is that as admins we ended up being the first login as that use so we can finalize the set up of their other provisioned accounts. Okta asks for a security question and often the user hasn't even started with the company yet so we end up having to put in a dummy answer and change it later.
Thanks!
— Stephen
Hi Stephen ,
yes it is possible by using in Postman the call Create Activated User with Password and Recovery Question and from the body of the call just eliminate the part regarding the security Question.The body would look like this.
{
"profile": {
"firstName": "Isaac",
"lastName": "Brock",
"email": "isaac@dragos.inc",
"login": "isaac1@dragos.inc"
},
"credentials": {
"password" : { "value": "*********" }
}
}
The user will be created and activated and the only thing that he/she needs to do when logging in would be to set the Recovery question.
We actually use that exact process. I’m sorry I wasn’t clear. What we’d like to do is have it so there is no recovery question needed at all. After account creation we admins are the first to login to the users account (often well before the employee arrives at the company) to complete the setup of various accounts, and so we’re the ones who have to set the recovery question by answering on the user’s behalf—not something we want to do.
So is there some way to not require a recovery question for Okta users at all. We’d prefer to use some other recovery method like needing to email an admin for our domain, SMS recovery, or another method other than a recovery question.
Thanks so much.
-—-—-—-—-—-—-—-—
Stephen K Mack
IT Administrator
NoVo Foundation