Password expired but "Change password not allowed on specified user"

We’re trying to test Okta’s behavior when a password expires. We’re using the Okta-hosted sign-in widget. We have a user whose password is expired. When they try to log in, they are prompted to change their password via the widget. However, when they try to change their password, they are getting a message:

Change password not allowed on specified user


The user’s status is “Password expired. User is now in one-time password mode.” and they are managed by Okta. Their prior password was initially set by a password inline hook.

What could cause this?

The issue was the user matched a custom password policy rule that did not have any of the self-management options checked:

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.