
00uwqxphfHZZCGGKo351.5632069269073962E12 (TPICAP) asked a question.
Is there a way to identify what password policy is being applied to an existing user?
Example:
- user A is using password policy 1 and is currently active
- user A has now been added to a new group which contains password policy 2
User A is still currently using password policy 1 with there existing password set, how do you identify the user is still currently password policy 1 and not password policy 2 even though they have this group?
Until the user resets there password after being added to the new group which contains password policy 2 would they be using the new policy. but there is no way to identify this.

If you know the date/time that User A was assigned to password policy 2 (when User A was added to the new group), you can compare that to the passwordChanged timestamp on User A's Okta account (assuming User A is an Okta-mastered user and not synchronized from Active Directory).