JustinD.98448 (Cathay Bank) asked a question.
FIDO2/Security Key for Self-Service Password Reset
I noticed the Authenticator options for SSPR seem rather limited, relative to the diverse offerings usually possible for configuration in Okta.
My organization primarily uses FIDO2/WebAuth YubiKeys as our 2nd factor. Is there a feature flag or way to enable this as a factor for password recovery *initiation* - rather than only as verification? If this is not possible or not being considered on the roadmap, I would very much like to know the rationale. Our company does not allow all users to have access to their personal phones, plus email is out of the question once integrated into Okta SSO.
Hello @JustinD.98448 (Cathay Bank) , thank you for contacting Okta Community.
A security key can be used for self-service password reset. You can set this up through an account management policy. For more details, please see the following:
Okta account management policy
Add a rule for password recovery and account unlock
If you think you are missing a feature flag, those can be enabled upon request through a Support ticket (Customer Support Account ID number required). Some features may incur additional cost, so I would recommend that you discuss the matter with your Account Executive before making the request.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
@User17157611498146715886 (Customer Support Online Community and Social Care) Thank you!!! Using the Okta account management policy instead of the default password recovery settings, I was able to get this working.
Much appreciated!