Migrating from Okta Classic to Identity Engine — How to verify admin-initiated reset password token using Identity SDK?

Hey, we’re migrating from Okta Classic to Okta Identity Engine and are using the Okta SDK in our backend.

This is an admin-initiated user lifecycle password reset (not self-service). We call reset password with sendEmail = false, receive a reset token, and send our own custom email.

What’s unclear in Identity Engine is the next step:

  • How is this admin reset password token supposed to be verified or consumed using the Identity/IDX SDK?
  • Is there an IDX flow that accepts this token, or is validation handled implicitly?
  • Do we pass this token directly into a set-password / remediation step?

This was more explicit in Classic, but we’re not seeing a clear equivalent in Identity Engine. Any guidance or docs would be appreciated. Thanks!

Hi,

Recovery Tokens were an Okta Classic way to reset passwords, so they won’t be available in the IDX. IDX flows can’t be initiated with a recovery_token from the Management API.

To use the IDX SDK, you would need to initiate a self-service recovery via the IDX login. More about this in the doc here - Upgrade your app to the Identity Engine SDK | Okta Developer

@vk-giri Thank you for the clarification.

Is there documentation available that outlines which Management APIs are compatible with Okta Identity Engine versus those that are considered Classic-only? A compatibility matrix or migration reference would be very helpful as we continue this transition.

Additionally, to confirm our understanding: does this mean the Okta Admin Dashboard is still leveraging Classic APIs for certain lifecycle operations? We’re asking because we are able to use the recovery token generated from the admin-initiated reset when accessing the Okta-hosted reset flow.

We appreciate any additional insight you can provide.