Account Resets & Recovery with Okta IDV Standard

You can use Incode identity verification (IDV) as the authentication method in Okta's Account Management Policy, enabling employees to recover access to their accounts through biometric and document verification instead of, or in addition to, traditional recovery factors.

This page covers configuring Okta to trigger an Incode IDV session during password reset and MFA recovery flows.


Prerequisites

Ensure you have the following before you begin:

  • Completion of the Okta IDV Standard setup page
  • An Okta Identity Engine (OIE) instance
  • An Okta administrator account with permissions to manage Authentication Policies and the Account Management Policy

Understand IDV for Account Recovery

Okta's Account Management Policy controls what authentication factors a user must satisfy before completing a self-service recovery action such as a password or MFA reset. By adding Incode IDV as an allowed factor in this policy, Okta routes users through an Incode identity verification session before granting recovery access. When triggered:

  1. The user initiates a password reset or MFA recovery from the Okta login page.
  2. Okta evaluates the Account Management Policy and determines that Incode IDV is required.
  3. Okta redirects the user to an Incode verification session.
  4. The user completes the configured verification session on their mobile device. The Workflow you selected when configuring the Okta IDV Standard integration determines the requirements of this session.
  5. Incode returns a verification result to Okta.
  6. On success, Okta allows the user to complete the recovery action.

Set Up IDV for Account Recovery

Confirm Incode IDV Is Configured in Okta

In your Okta instance, navigate to Security > Identity Providers and verify that the Incode IDV Standard integration appears in the list. If it is not yet configured, complete the Incode IDV Integration with Okta setup page.

Configure the Account Management Policy

  1. Log in to your Okta Admin Console.
  2. Navigate to Security > Authentication Policies.
  3. Select Account Management Policy.
  4. Add or edit a rule for the users or groups that must complete identity verification for recovery.
  5. Under Then, set the authentication requirement to include Incode IDV as an allowed or required factor.
  6. Click Save.

Test the Recovery Flow

  1. Go to your Okta organization's sign-in page.
  2. Select Forgot Password or trigger an MFA recovery for a test user.
  3. Confirm that Okta routes the user to an Incode verification session.
  4. Complete the verification and confirm that Okta allows the recovery action to proceed.
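
Beyond the manual test, you can check that the policy keeps gating recovery by reviewing exported Okta System Log events. The script below is an added example, not Incode or Okta code: it flags successful recovery events with no successful IDV event for the same user shortly beforehand. The event type names, the 15-minute window, and the assumption that the actor is the recovering user are all assumptions to confirm in your own tenant; the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed event type names; confirm them in your tenant's System Log first.
RECOVERY_EVENTS = {"user.account.reset_password", "user.mfa.factor.reset_all"}
IDV_EVENT = "user.identity_verification"
WINDOW = timedelta(minutes=15)  # assumed maximum gap between IDV and recovery


def parse_ts(value):
    # System Log timestamps are ISO 8601 with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def ungated_recoveries(events, window=WINDOW):
    """Return (user, eventType, published) for each successful recovery that
    has no successful IDV event for the same user inside the window."""
    last_idv = {}
    findings = []
    for e in sorted(events, key=lambda x: parse_ts(x["published"])):
        if e["outcome"]["result"] != "SUCCESS":
            continue  # failed IDV or failed recovery gates nothing
        user = e["actor"]["alternateId"]  # assumes self-service: actor is the user
        when = parse_ts(e["published"])
        if e["eventType"] == IDV_EVENT:
            last_idv[user] = when
        elif e["eventType"] in RECOVERY_EVENTS:
            # Stricter choice made here: one IDV pass covers one recovery.
            verified = last_idv.pop(user, None)
            if verified is None or when - verified > window:
                findings.append((user, e["eventType"], e["published"]))
    return findings


def make_event(user, event_type, ts, result="SUCCESS"):
    return {"eventType": event_type, "published": ts,
            "actor": {"alternateId": user}, "outcome": {"result": result}}


# Constructed sample events, not real log data.
SAMPLE = [
    make_event("alice@example.com", IDV_EVENT, "2025-01-10T09:00:00Z"),
    make_event("alice@example.com", "user.account.reset_password", "2025-01-10T09:03:00Z"),
    make_event("bob@example.com", IDV_EVENT, "2025-01-10T10:00:00Z", "FAILURE"),
    make_event("bob@example.com", "user.account.reset_password", "2025-01-10T10:02:00Z"),
    make_event("carol@example.com", IDV_EVENT, "2025-01-10T08:00:00Z"),
    make_event("carol@example.com", "user.mfa.factor.reset_all", "2025-01-10T11:00:00Z"),
]

if __name__ == "__main__":
    for finding in ungated_recoveries(SAMPLE):
        print("recovery without recent IDV:", finding)
```

Any finding for a user or group covered by the rule means the Account Management Policy rule is not matching as intended, or recovery is happening through a path the rule does not cover.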