
JaniceC.40642 (Customer) asked a question.
Hi,
What is the recommended way to configure an Okta user's password policy for a headless account?
There is a password policy A that configures everybody to have their password expire after X days, and this "everyone" group includes the headless account.
How do I configure my headless account to have a password that never expires, or that expires at a different interval than my regular users?
If we create multiple policies, one to have passwords expire at X days for "everybody" and another to have passwords never expire on the headless account, which policy will take precedence?

Hi Janice,
Thank you for posting on the Okta help center! Regarding the password policy for headless accounts, my advice is to set these accounts into a separate group, or at least in a separate group as well as the 'everyone' group if it's needed.
Then create a new password policy (Security > Authentication) solely assigned to the headless user group, but make sure, by dragging this policy in the list on the left, that it's placed as #1. This way, even if they are part of everyone, Okta will make sure the first policy it sees for that account is adhered to.
Note: Make sure that if it's mastered by a separate directory, such as AD, that the password policy matches with the Okta policy.
If you still require assistance on this, please do raise a support case and we will help as best we can.
Thank you,
Christopher Tomiak-Gough
Snr Support Engineer
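
The first-match ordering described in the answer above can be checked offline before relying on it. The following is an added example, not part of the original thread and not Okta's code: it models priority-ordered policy resolution over constructed data and flags the case where the broad policy is ranked above the headless one. The group ids, policy names and the field layout (modelled on Okta Policy API objects) are assumptions; compare them with an export from your own tenant.

```python
"""First-match password policy resolution (simplified model, constructed data)."""

def policy(name, priority, groups, max_age_days, status="ACTIVE"):
    # Field layout is an assumption modelled on Okta Policy API objects.
    return {
        "name": name, "priority": priority, "status": status,
        "conditions": {"people": {"groups": {"include": groups}}},
        "settings": {"password": {"age": {"maxAgeDays": max_age_days}}},
    }

# Constructed sample: hypothetical group ids and policy names.
POLICIES = [
    policy("Standard users", 2, ["grp-everyone"], 90),
    policy("Headless accounts", 1, ["grp-headless"], 0),  # 0 assumed to mean no expiry
]

def effective_policy(user_groups, policies):
    """Return the first active policy, in priority order, that includes
    any of the user's groups; None if nothing matches."""
    for p in sorted(policies, key=lambda p: p["priority"]):
        if p["status"] != "ACTIVE":
            continue  # inactive policies are skipped, not matched
        included = set(p["conditions"]["people"]["groups"]["include"])
        if included & set(user_groups):
            return p
    return None

def misranked(policies, specific_group, broad_group):
    """True if a member of both groups lands on a policy that does not
    target the specific group (the broad policy is ranked first, or the
    specific policy is inactive or missing)."""
    hit = effective_policy([specific_group, broad_group], policies)
    if hit is None:
        return True
    return specific_group not in hit["conditions"]["people"]["groups"]["include"]

if __name__ == "__main__":
    svc = ["grp-everyone", "grp-headless"]
    p = effective_policy(svc, POLICIES)
    print("service account ->", p["name"],
          "maxAgeDays =", p["settings"]["password"]["age"]["maxAgeDays"])
    print("misranked:", misranked(POLICIES, "grp-headless", "grp-everyone"))
```
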