Passwordless User Activation


I am trying passwordless feature of okta. But it requires users to be activated by setting the password through activation url. But we wanted to create the users through API & activate the users through OTP. Is this feasible?

It’s possible to create a activate user with password


url: {{url}}/api/v1/users?activate=true

“profile”: {
“firstName”: “Isaac”,
“lastName”: “Brock”,
“email”: “isaac@{{email-suffix}}”,
“login”: “isaac@{{email-suffix}}”
“credentials”: {
“password” : { “value”: “{{password}}” },
“recovery_question”: {
“question”: “Who’s a major player in the cowboy scene?”,
“answer”: “Annie Oakley”
check out the users postman’s collection in Okta’s dev website for the additional information on setup.

Thanks @abroadhurst. I am trying to activate the user without setting the password, the new passwordless feature. OTP through SMS for every login.

You might still have to set a password as password is a form of MFA under the passwordless feature. However you could set a really secure password and set the account to go off another form of MFA primarily for the user. As long as you don’t include the password policy as a form of MFA in your MFA policy then you should have no issues. They may have to enter the password once to setup their MFA unless you do it via api.

1 Like