dse7i (dse7i) asked a question.
Is access via API Token affected by reset or expired password/mfa?
We would like to create "service accounts" users in Okta. These users would be used by other systems with Okta API Tokens and the responsible humans should generally not use these accounts.
If the passwords or MFA for these users are expired or reset, are the API Tokens or other access affected in anyway? For example, if the service account was connected to some app via SSO, could some automation with the API Token continue to authenticate with the API Token and and access that app?
Hi @dse7i (dse7i),
Thank you for posting on the Okta community page!
I have done some research and it seems that if the account is in Password expired/MFA expired state, the token will not be affected as these user statuses are considered an Active state therefore the Token created will still remain Active.
Keep in mind that the tokens remains valid only if the user who created it has an active status in Okta.
I have provided bellow a couple of articles about the Okta API token and about user account statuses in Okta:
I hope the above information is helpful!