Demo: Password Policies

Transcript

Speaker 1: Okta centralises password management into a single easy-to-use password policy page. From here, administrators can easily set password requirements, like minimum password length and age, lockout settings, like max failed attempts, and even password reset options.

Speaker 1: Admins also have the ability to apply these settings at a system-wide level or to assign different policies at a more granular level, for businesses with complex security requirements across multiple teams. These settings also apply to users authenticating and resetting passwords in Okta or even to those who are authenticating and resetting passwords in Active Directory or LDAP via delegated authentication.

Speaker 1: Let's take a closer look at password reset management by configuring these settings for a group of executives at our company. Let's locate their password policy and scroll down to the account recovery settings. From here, let's configure how long password resets or unlocked recovery emails are valid for. Considering my executives have more sensitive access, let's require them to act upon the recovery email in a shorter time period, about two hours. Next, let's ensure that their password recovery question responses are nice and complex, at least 10 characters. Then let's give them some additional ways to reset their passwords beyond just the traditional recovery email and security question flow by permitting SMS and voice calling.

Speaker 1: On top of this, it's also possible to further define the circumstances in which our executives are able to reset their passwords with rules. To be even more secure, let's only allow our execs to reset passwords when they're on the corporate network. And that's it.

Speaker 1: Now let's take a look at the process of actually resetting our password in Okta. From the Okta sign-in page, users can simply choose "Need help signing in" and then "Forgot password" to kick off the reset flow. From here, users can simply enter in their email address and choose how they would like to reset their password: by email, by voice call, in which Okta calls a specified telephone number and shares a six-digit PIN which you enter in Okta, or via email. Regardless of what you chose, you will then be finally asked to answer a password reset security question that you first set up when you activated your account. Once complete, that's it. If your users were authenticating to Okta, their Okta password's now been reset. If they are performing Del Auth to AD or LDAP, their AD or LDAP passwords have now also been reset as well.

Learn how to enhance your password management on Okta by configuring your password requirements, lockout settings, and password reset options. We’ll also display the end-user password reset experience.