Guides

Incode IDV with Okta: Integrating with Account Resets & Recovery

Suggest Edits

Prerequisites

Before starting, ensure you have setup Incode Workforce IDV with Okta as described here


Use your Workforce IDV with Okta Account Management Policy

  • Okta's Account Management Policy defines how users must authenticate when they enroll authenticators or edit their personal information. See Okta's documentation on Okta Account Management Policy for more information

  • How to require a user to use Incode Workforce IDV to verify their identity before they enroll a new authenticator method:

    • Once your Incode IDV is configured Log in to your Okta Admin Console.
    • Create a group with the initial users you want to test with, we will use a group named Incode Workforce Identity Verification in our example
    • Navigate to Security from the left-side menu and select Authentication Policies
    • Select Okta Account Management Policy at the top

    • Add a Rule to Okta Account Management Policy with the following settings configured

      • Rule Name: Name your policy - ex. (Workforce Identity Verification Policy)

      • IF:

        • User's group membership includes: Your Group name - ex. (Incode Workforce Identity Verification)

      • THEN:

        • Access is: Allowed after successful Identity Verification

          • Select your new Incode IDV you created
            Note: New IDV option may not show up in dropdown initially but if you attempt to search for it, it should appear.

    • The next time a user in your Workforce group attempts to reset or enroll an authenticator Okta will prompt them to verify their Identity via Incode Workforce

Use your Workforce IDV with Okta Account Management Policy for Password Resets and Account Unlocks

Okta has a separate setting that needs to be configured to enforce password resets and account unlocks to use the Okta Account Management Policy. For Okta's Documentation see here

  • In your Okta Admin Console

    • Navigate to Security from the left-side menu and select Authenticators
    • Find Password select Actions and Edit
    • Edit your existing rule(s) or add a new rule assigned to your group. If you only have a default rule you may need to a new rule for Self-Service
    • Set your rule to use Authentication policy for Access control
    • The next time a user assigned to your Incode Workforce IDV group attempts to reset or unlock their account it will prompt them to use Incode Workforce IDV to verify themselves before proceeding

  • For how to setup an Okta Passwordless sign-in experience see here

Updated about 1 month ago