Not able to Create User with Password & Recovery Question


We have been using REST API to Create Activated User with Password & Recovery Question for long time. But suddenly today, the REST API call started failing with this error - “The security question is disabled and cannot be changed”. Also, currently this only happens to the ORGs (luckily productionORGs are still working). Anyone experienced similar issue?

1 Like

Hi dcao,

We are also facing the same issue. Hope that Okta team resolves this soon.
Please let us know if you find any fix meanwhile.

Thank you.

This is most likely due to your Okta Orgs having the feature to not require a security/recovery question for users enabled. With the latest release it looks like you will not be able to create a user with it if this feature is enabnled.

Thanks, Erik, for the information. Yes, that is the case for us. We have that feature enabled in our ORGs. So is this a bug? or a feature? For us, the security question/answer is needed for our users. Otherwise, the following Forgot password REST API will not work for us.

POST/api/v1/users/ ${userId} /credentials/forgot_password

Sets a new password for a user by validating the user’s answer to their current recovery question