<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000A9mAiFCQUOkta Classic EngineAdministrationAnswered2026-01-18T09:00:29.000Z2024-06-20T14:23:18.000Z2024-06-21T16:57:49.000Z

i61t9 (i61t9) asked a question.

June 20, 2024 at 2:23 PM
Breached Password Protection

Does anyone have any info on this newly released (June 24) feature other than the one paragraph blurb https://help.okta.com/oie/en-us/content/topics/security/breached-password-protection/about-breached-password-protection.htm?

  • Is there any way to test it to confirm it works?
  • Is there a way to turn if off if the org has decided against SSPR? (I am not suggesting it should be done, just asking if it can be done)
  • How does one enable self service password expiry? Per the doc.... 'For AD-sourced users to reset their password after entering a breached password, you need to enable self-service password expiry in your org.'..... I am familiar with self service password reset, but self service password expiry is unknown and a google-fu search didn't come up with anything

 

  • 1 answer
  • 480 views

  • Mihai N. (Okta, Inc.)

    Hi @i61t9 (i61t9)​ , Thank you for reaching out to the Okta Community! 

     

    To answer your questions: 

    1. There currently is not explicit test beyond setting up and test user an attempting the use of known breached passwords. I expect the test result is dependent of the data set provided by the third parties. - You can suggest a this as a feature enhancement on the Okta Community page by going to the Community Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented. More details here.
    2. You should be able to disable the features on demand via a ticket to the Support team. 
    3. I recommend opening a support ticket to have our team confirm if the information in the documentation is correct. As far as I know, in the case of AD users that leverage Delegated Authentication, the password expiration is handled via AD side settings not the Okta Password policies.  

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
This question is closed.
Loading
Breached Password Protection