Okta Classic Engine | Authentication | Answered | 2025-09-27T09:00:13.000Z | 2023-07-28T16:30:35.000Z | 2023-07-28T22:38:58.000Z

jb3pv (jb3pv) asked a question.

Force First Time Login password change for AD sourced users

For background, we are using passwordless MFA.

So when a user logs in after their first time it does not challenge them for a password, just their MFA factors.

The issue I am having is during first-time login. During first-time login it asks for username and password (delAuth) and then asks them to enroll in MFA factors. After MFA factors, it tells them their password has expired and to reset it. Well, I found that if you exit this page without making a new password and go log in again, Okta will no longer ask you to change your password, since it is using MFA factors and is not hitting delAuth.

 

Has anyone else run into this issue?


  • Mihai N. (Okta, Inc.)

    Hi @jb3pv (jb3pv), thank you for reaching out to the Okta Community!

     

    Based on the description provided, this looks like expected behavior.

    For all intents and purposes, the conditions for the (passwordless) authentication policy have been met, so there is no trigger for Password (re)configuration required. 

    That being said, I understand that you might have specific requirements for this to happen. You can open a case to work with one of our Support Engineers to get additional confirmation or possible alternatives to the flow you would like to use.  

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

This question is closed.