Account Resets & Recovery with Okta IDV Standard

You can use Incode identity verification as the authentication method in Okta's Account Management Policy. This lets employees recover access to their accounts through biometric and document verification instead of, or in addition to, traditional recovery factors.

This guide covers configuring Okta to trigger an Incode IDV session during password reset and MFA recovery flows.

Prerequisites

  • You have completed the Okta IDV Standard setup guide
  • An Okta Identity Engine (OIE) instance
  • An Okta administrator account with permissions to manage Authentication Policies and the Account Management Policy

How It Works

Okta's Account Management Policy controls what authentication factors a user must satisfy before completing a self-service recovery action such as a password or MFA reset. By adding Incode IDV as an allowed factor in this policy, Okta routes users through an Incode identity verification session before granting recovery access.

When triggered:

  1. The user initiates a password reset or MFA recovery from the Okta login page.
  2. Okta evaluates the Account Management Policy and determines that Incode IDV is required.
  3. Okta redirects the user to an Incode verification session.
  4. The user completes the configured verification session on their mobile device. The Workflow you select when configuring the Okta IDV Standard integration determines the requirements of this session.
  5. Incode returns a verification result to Okta.
  6. On success, Okta allows the user to complete the recovery action.

Setup Guide

Step 1: Confirm Incode IDV Is Configured as an Identity Provider in Okta

Confirm that the Incode IDV Standard integration is active in your Okta instance. Navigate to Security > Identity Providers and verify that Incode IDV appears in the list.

If it is not yet configured, complete the Incode IDV Integration with Okta setup guide first.

Step 2: Configure the Account Management Policy

  1. Log in to your Okta Admin Console.
  2. Navigate to Security > Authentication Policies.
  3. Select Account Management Policy.
  4. Add or edit a rule for the users or groups that must complete identity verification before recovery.
  5. Under Then, set the authentication requirement to include Incode IDV as an allowed or required factor.
  6. Save the rule.

Step 3: Test the Recovery Flow

  1. Navigate to your Okta organization's sign-in page.
  2. Select Forgot password or trigger an MFA recovery for a test user.
  3. Confirm that Okta routes the user to an Incode verification session.
  4. Complete the verification and confirm that Okta allows the recovery action to proceed.
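
To back up the manual test in Step 3, the following added example (not part of Incode's or Okta's documentation) audits exported Okta System Log events and flags any completed recovery that was not preceded by a successful identity verification result for the same user. The event-type names are placeholders to replace with the values your tenant emits. The 15-minute window, the user appearing as the event actor, and the sample events are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Placeholders, not real event-type names: substitute the values your tenant's
# System Log emits for a completed recovery and for an IDV result.
RECOVERY_EVENTS = {"RECOVERY_COMPLETED_PLACEHOLDER"}
IDV_EVENT = "IDV_RESULT_PLACEHOLDER"
WINDOW = timedelta(minutes=15)  # assumed maximum gap between IDV result and recovery

def _ev(hhmm, event_type, user, result):
    """Build a constructed event carrying only the fields this audit reads."""
    return {"published": f"2024-05-01T{hhmm}:00.000Z", "eventType": event_type,
            "actor": {"id": user}, "outcome": {"result": result}}

# Constructed sample events, not real log output.
SAMPLE_EVENTS = [
    _ev("10:00", IDV_EVENT, "u1", "SUCCESS"),
    _ev("10:03", "RECOVERY_COMPLETED_PLACEHOLDER", "u1", "SUCCESS"),  # verified: fine
    _ev("10:05", "RECOVERY_COMPLETED_PLACEHOLDER", "u2", "SUCCESS"),  # no IDV at all
    _ev("10:10", IDV_EVENT, "u3", "FAILURE"),
    _ev("10:12", "RECOVERY_COMPLETED_PLACEHOLDER", "u3", "SUCCESS"),  # IDV failed
    _ev("09:00", IDV_EVENT, "u4", "SUCCESS"),
    _ev("10:30", "RECOVERY_COMPLETED_PLACEHOLDER", "u4", "SUCCESS"),  # IDV too old
]

def _ts(event):
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))

def recoveries_without_idv(events, window=WINDOW):
    """Return successful recovery events lacking a recent successful IDV result."""
    last_idv_ok = {}  # user id -> time of latest successful IDV result
    flagged = []
    for ev in sorted(events, key=_ts):
        user = ev["actor"]["id"]  # assumes the recovering user is the actor
        succeeded = ev["outcome"]["result"] == "SUCCESS"
        if ev["eventType"] == IDV_EVENT:
            if succeeded:
                last_idv_ok[user] = _ts(ev)
            else:
                last_idv_ok.pop(user, None)  # a failed attempt voids an earlier pass
        elif ev["eventType"] in RECOVERY_EVENTS and succeeded:
            verified_at = last_idv_ok.get(user)
            if verified_at is None or _ts(ev) - verified_at > window:
                flagged.append(ev)
    return flagged

if __name__ == "__main__":
    for ev in recoveries_without_idv(SAMPLE_EVENTS):
        print(ev["published"], ev["actor"]["id"], "recovery without recent IDV")
```

Any flagged event points to a user or group that is not covered by the rule configured in Step 2, or to a recovery path that bypasses the Account Management Policy.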