POST /api/v1/users/{id}/lifecycle/reset_password
Resets a password. Generates a one-time token (OTT) that you can use to reset a user's password. You can automatically email the OTT link to the user or return the OTT to the API caller and distribute using a custom flow.
This operation transitions the user to the RECOVERY status. The user is then not able to sign in or initiate a forgot password flow until they complete the reset flow.
This operation provides an option to delete all the user's sessions. However, if the request is made in the context of a session owned by the specified user, that session isn't cleared.
Note: You can also use this API to convert a user with the Okta credential provider to use a federated provider. After this conversion, the user can't directly sign in with a password. To convert a federated user back to an Okta user, use the default API call.
If an email address is associated with multiple users, keep in mind the following to ensure a successful password recovery lookup:
- Okta no longer includes deactivated users in the lookup.
- The lookup searches sign-in IDs first, then primary email addresses, and then secondary email addresses.
If
sendEmailisfalse, returns a link for the user to reset their password.
Servers
- https://{yourOktaDomain}
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
id |
String | Yes |
An ID, login, or login shortname (as long as the shortname is unambiguous) of an existing Okta user |
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
revokeSessions |
Boolean | No |
Revokes all user sessions, except for the current session, if set to Default value: false |
sendEmail |
Boolean | Yes |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.