ShaiT.11446 (Customer) asked a question.
Activate users without a password
I've seen this question asked before, but the answer was unsatisfactory and the question was closed. I'm trying to activate users who have registered to an OIDC IDP with me without a password. These users never login using the password so redirecting them to an activation page where they need to enter a password is confusing.
I realize that providing some randomly generated password through the API would get the job done, but I would rather find a solution that doesn't involve "hacks", if possible.
Hello @ShaiT.11446 (Customer) Thank you for posting on our Community page!
Since the user has been already created as active, there is no way to send or resend the activation email. The only other way would be to also expire that password, so that they are forced to create their own. Please see doc below:
https://developer.okta.com/docs/reference/api/users/#expire-password
A different approach for this would be to perform a reset password from the Okta Admin UI, where you would add users to a specific group and then go to Directory-> People->Reset Password -> On the left hand side you can change the action per Group and then perform a mass password reset for that group. Please see attached screenshot:
Thank you for reaching out to our Community and have a great day
!--
Join the Ask Me Anything online event on June 13, 2024 to discuss the new Govern Okta Admin Roles feature with our Experts
Hi @Paul S. (Okta, Inc.)
For one thing, my users are created in "pending user action" status, which requires activation on their end (currently, with a password, which is the problem I'm attempting to solve). For another, I'm not trying to send or resend the activation mail, I'm trying to activate their users without a password. Expiring their password so they are forced to create their own isn't relevant either because, again, I'm trying to activate their user without a password.
Hi @ShaiT.11446 (Customer) I see, I misunderstood your question. In this case you can activate these users as Federated. If these users are "type": "FEDERATION" then they will not require a password and the will be SSO users. Please see doc below and let me know if this helps.
https://developer.okta.com/docs/reference/api/users/#create-user-with-authentication-provider