Okta Identity Engine | Okta Device Access | Answered | 2025-08-25T02:52:15.000Z | 2025-08-22T01:56:23.000Z | 2025-08-25T02:52:14.000Z

ShoichiroK.00155 (LAC Co., Ltd) asked a question.

Password Management in Okta and Microsoft 365 Integration

Premise:

We are integrating Okta and Microsoft 365 (M365) using WS-Federation.

We are not using on-premises Active Directory (AD).

Devices are Entra Joined.

 

Question 1:

If a user wants to change their device password, is it possible to change the password from Okta and have it reflected?

Additionally, is the Okta Device Access license required?

 

Question 2:

Is it possible for users to change their password directly from their devices?

When I tried it, it displayed a message saying that password writeback is not enabled, so the change couldn't be made.

 

If anyone knows the answer, please let me know.


  • RohitU.50441 (Trevonix)

    Hi @ShoichiroK.00155 (LAC Co., Ltd)​ 

    Since this is a cloud-only environment, when you federate Azure AD with Okta, Windows devices authenticate via Okta. For Azure AD–joined device sign-in, the Windows logon client uses WS-Trust (active federation) with Okta.

     

    Users cannot change their password directly on the device (Ctrl+Alt+Del or Windows logon UI). All password changes must be performed through Okta’s self-service password change/reset flows.

     

    Because Azure AD defers all authentication to Okta, the Okta password becomes the Windows login password. Changes in Okta are effective immediately for device sign-in and Microsoft 365 services.

    Selected as Best
  • HarryL.05482 (Anthropic Identity)

    Hey Shoichiro!

     

    Question 1 - It is possible to change the password from Okta and have it reflected as the device password, however it will likely require the Okta Device Access (ODA) SKU. I would recommend double checking this with your Okta representative.

     

    Question 2 - Not fully sure I am following, but seems you're talking about a CTRL ALT DELETE reset on the device? You're wondering if you can reset PW there which also takes effect in Okta?

This question is closed.