We’re trying to test Okta’s behavior when a password expires. We’re using the Okta-hosted sign-in widget. We have a user whose password is expired. When they try to log in, they are prompted to change their password via the widget. However, when they try to change their password, they are getting a message:
Change password not allowed on specified user
The user’s status is “Password expired. User is now in one-time password mode.” and they are managed by Okta. Their prior password was initially set by a password inline hook.
What could cause this?