Password History when resetting a user password

I am using the Okta Spring SDK version 3.0.6 along with the Okta SDK API version 8.2.5.

Here is my workflow:

In my application, I am an admin and I want to reset a user’s password directly from my app, rather than using the Okta dashboard. When I click a button in my app to trigger the password reset, an email is sent to the user to create a new password. However, it seems that certain password policies, specifically the password history policy, are not being enforced when the user sets their new password. We are using our own custom email template, not Okta’s default email.

We want to ensure that the password history policy is applied in this scenario. We have looked for parameters or settings to enable this but have not found any. Do we need to use any other SDKs or endpoints to achieve this?

Additionally, here are some specific details about our setup:

  • We are using the Okta Spring SDK to integrate Okta with our Spring Boot application.
  • The password reset process is initiated programmatically from our application.
  • The application sent the email to the user for password reset.
  • We need to enforce the password history policy to prevent users from reusing their previous passwords.

Any guidance on how to enforce the password history policy during the password reset process would be greatly appreciated.
