User16323579764799527576 (Customer) asked a question.
How to allow self service password reset with IDP
Hi,
We allow our users to sign up using username/password or an identity provider. If they sign up with an IDP then they cannot reset their own passwords. The error `PASSWORD_BASED_LOGIN_DISALLOWED` is logged. I found [this article](https://support.okta.com/help/s/article/PASSWORD-BASED-LOGIN-DISALLOWED?language=en_US) which doesn't really help.
Is this the expected behavior and how can we change it? We already allow self service password reset and we'd like that to work even if you used an IDP to sign up.
Hello @User16323579764799527576 (Customer)
Thanks for posting.
Instead of performing a serlf service password for end users, it will be necessary to reset the password from the IDP for the affected accounts.
After this, the users should be able to reset their passwords on further ocassions.
If this doesn't work, please open a support case with our team using the information in the link below: https://help.okta.com/en/prod/Content/Topics/Directory/get-support.htm
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.
Hey @User1630709688426468638 (Okta)!
I'm not clear what "reset the password from the IDP" means. Do you mean that if the user signed up with Google then they will have to change their Google password?
We want to support a use case where the user has signed up with an IDP but later wants to add password login (perhaps because the IDP account has been deleted).
Regards,
Nicklas
@User1630709688426468638 (Okta) Any updates on this?
Hi, any updates on this issue?
It causes quite a nuisance for our users having to reset their IdP password. We have self-service enabled via email and would expect this to work even if the user signed up via an IdP.