Self service password change custom validation

Greetings!

We have a scenario where users can use self-service to change their passwords in Okta. However, before changing the password, we need to perform a custom validation with an external service. How can I achieve this? My organization is using the Okta Identity Engine.

The basic idea would be:

  1. The user changes their password through self-service.
  2. Okta calls my web service, sending the “event” along with the password.
  3. In the web service, I call the external validator.
  4. If the password is valid, the operation succeeds; if it is invalid, it fails.