Okta Classic Engine | Administration | Answered | 2024-04-17T12:31:58.000Z | 2023-05-25T10:02:51.000Z | 2023-06-06T06:11:53.000Z

iwokc (iwokc) asked a question.

I want to prevent certain users from performing password resets.

On the Okta login screen, there is a link provided for users who have forgotten their passwords. I would like to disable password resets for users belonging to a specific group.

If someone attempts to log in with a non-existent user (e.g., example@test.com) and clicks on this link, they will see a message stating that password reset is not allowed. It is acceptable to display this message. However, if possible, it would be better to have the ability to modify this message.


  • Mihai N. (Okta, Inc.)

    Hi @iwokc (iwokc), Thank you for reaching out to the Okta Community!

    The Okta Password Policies can be configured at group level as per the documentation but the messaging cannot be customized and the link cannot be invalidated as it's available before the user puts in any identifiable information.

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

     

    Hope my answer helps! 

  • iwokc (iwokc)

    @Mihai N. (Okta, Inc.)​ 

    Thank you for answering.

    As I wrote in the example, if you link after logging in with example@test.com, you will see a message that password reset is not allowed.

    Also, in the case of a link after entering an existing ID, a message is displayed to the effect that a password reset email has been sent.

    What I want to do is that I want only users belonging to a specific group to have the same behavior as example@test.com.

     

    Why is a message displayed stating that password reset is not allowed for example@test.com? Is it due to Okta tenant settings or because the corresponding ID is not found?

    Is it difficult to achieve the same behavior as example@test.com through Okta tenant settings?

    • Mihai N. (Okta, Inc.)

      I tried to reproduce the flow on my end and I get the same result regardless of what kind of ID I put in (existing or non-existing user). As I would expect for my environment - I get the generic "Email has been sent to random_email@fakemail.com with instructions on resetting your password."

      Please open a case to work with one of our Support Engineers who can review your configuration and provide further assistance and clarification.  

  • iwokc (iwokc)

    @Mihai N. (Okta, Inc.)​ 

    After disabling the following items, it became the expected behavior.

    Security > Authenticators > Password > [any policy] > [any rule] > password reset

This question is closed.
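
An added example, not part of the thread and not Okta's own code: a Python check of which self-service password reset setting a user would get from group-scoped password policies. It assumes the JSON shape of the Okta Policy API (`priority`, `status`, `conditions.people.groups.include`, `actions.selfServicePasswordReset.access`) and the simplification that the first active policy matching one of the user's groups, then its first active rule, applies; all IDs and names are constructed.

```python
# Constructed sample data in the shape of Okta Policy API responses
# (password policies and their rules). All IDs and names are made up.
POLICIES = [
    {"id": "pol-restricted", "name": "No self-service reset", "priority": 1,
     "status": "ACTIVE",
     "conditions": {"people": {"groups": {"include": ["grp-restricted"]}}}},
    {"id": "pol-default", "name": "Default Policy", "priority": 2,
     "status": "ACTIVE",
     "conditions": {"people": {"groups": {"include": ["grp-everyone"]}}}},
]
RULES = {
    "pol-restricted": [
        {"name": "Deny reset", "priority": 1, "status": "ACTIVE",
         "actions": {"selfServicePasswordReset": {"access": "DENY"}}}],
    "pol-default": [
        {"name": "Default Rule", "priority": 1, "status": "ACTIVE",
         "actions": {"selfServicePasswordReset": {"access": "ALLOW"}}}],
}


def effective_reset_access(user_groups, policies=POLICIES, rules=RULES):
    """Return (policy name, rule name, access) for a user's group list.

    Assumption: policies are checked in ascending priority and the first
    ACTIVE one whose group list contains any of the user's groups wins;
    inside it, the first ACTIVE rule by priority applies. Rule conditions
    (network zones, excluded users) are ignored in this simplified check.
    Returns None when no policy matches.
    """
    groups = set(user_groups)
    for policy in sorted(policies, key=lambda p: p["priority"]):
        if policy["status"] != "ACTIVE":
            continue
        included = policy["conditions"]["people"]["groups"]["include"]
        if not groups & set(included):
            continue
        for rule in sorted(rules.get(policy["id"], []),
                           key=lambda r: r["priority"]):
            if rule["status"] == "ACTIVE":
                access = rule["actions"]["selfServicePasswordReset"]["access"]
                return (policy["name"], rule["name"], access)
        # Matching policy without an active rule: flag for manual review.
        return (policy["name"], None, None)
    return None


if __name__ == "__main__":
    print(effective_reset_access(["grp-everyone", "grp-restricted"]))
```

A user in the restricted group is usually also in a broader group, so the restricted policy only takes effect when it is ranked above the policy that still allows resets.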