Okta Classic Engine | Administration | Answered | 2019-05-01T22:46:27.000Z | 2019-03-28T07:15:43.000Z

JaniceC.40642 (Customer) asked a question.

Password policy

Hi,

What is the recommended way to configure an Okta user's password policy for a headless account?

There is a password policy A that configures everybody to have their password expire after X days, and this "everyone" group includes the headless account.

How do I configure my headless account so that its password never expires, or expires at a different interval than my regular users'?

If we create multiple policies, one to have passwords expire at X days for "everybody" and another to have the password never expire on the headless account, which policy will take precedence?


  • Hi Janice,

     

    Thank you for posting on the Okta help center! Regarding the password policy for headless accounts, my advice is to set these accounts into a separate group, or at least in a separate group as well as the 'everyone' group if it's needed.

     

    Then create a new password policy (Security > Authentication) solely assigned to the headless user group, but make sure, by dragging this policy in the list on the left, that it's placed as #1. This way, even if they are part of everyone, Okta will make sure the first policy it sees for that account is adhered to.

     

    Note: Make sure that if it's mastered by a separate directory, such as AD, that the password policy matches with the Okta policy.

     

    If you still require assistance on this, please do raise a support case and we will help as best we can.

     

    Thank you,

    Christopher Tomiak-Gough

    Snr Support Engineer

    Selected as Best
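
The ordering rule in the answer above can be checked offline before changing a tenant. The following is an added example, not part of the original thread and not Okta's code: it models first-match evaluation over policy objects laid out like Okta's Policy API password policies (an assumption), treats `maxAgeDays` of 0 as "never expires" (also an assumption), and uses constructed group ids, policy names and a constructed 90-day value standing in for "X days".

```python
# Added example: first-match password policy evaluation, as described above.
# All ids, names and values are constructed sample data.
EVERYONE, HEADLESS = "00g-everyone", "00g-headless"  # constructed group ids

def make_policy(name, priority, groups, max_age, status="ACTIVE"):
    """Build a minimal password-policy dict (layout assumed from the Policy API)."""
    return {
        "type": "PASSWORD", "name": name, "status": status, "priority": priority,
        "conditions": {"people": {"groups": {"include": list(groups)}}},
        "settings": {"password": {"age": {"maxAgeDays": max_age}}},
    }

def matching_policies(policies, user_groups):
    """Active password policies that include any of the user's groups,
    ordered by priority (1 = top of the list in the admin console)."""
    hits = [p for p in policies
            if p["type"] == "PASSWORD" and p["status"] == "ACTIVE"
            and set(p["conditions"]["people"]["groups"]["include"]) & set(user_groups)]
    return sorted(hits, key=lambda p: p["priority"])

def effective_policy(policies, user_groups):
    """First match wins; lower-priority matches are never evaluated."""
    hits = matching_policies(policies, user_groups)
    return hits[0] if hits else None

def shadowed(policies, user_groups):
    """Names of policies that target the user but never take effect."""
    return [p["name"] for p in matching_policies(policies, user_groups)[1:]]

def max_age_days(policy):
    """Password lifetime in days; 0 is assumed to mean 'never expires'."""
    return policy["settings"]["password"]["age"]["maxAgeDays"]

HEADLESS_USER = [EVERYONE, HEADLESS]   # member of both groups
REGULAR_USER = [EVERYONE]

# Headless policy placed below the Everyone policy: it never applies.
MISORDERED = [make_policy("Everyone", 1, [EVERYONE], 90),
              make_policy("Headless accounts", 2, [HEADLESS], 0)]
# Headless policy dragged to #1, as the answer recommends.
CORRECTED = [make_policy("Headless accounts", 1, [HEADLESS], 0),
             make_policy("Everyone", 2, [EVERYONE], 90)]

if __name__ == "__main__":
    for label, policies in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        winner = effective_policy(policies, HEADLESS_USER)
        print(label, "->", winner["name"], "maxAgeDays =", max_age_days(winner),
              "| shadowed:", shadowed(policies, HEADLESS_USER))
```

In the misordered list the headless account silently inherits the "Everyone" expiry, which is the failure the #1 placement prevents.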
This question is closed.