--- title: Account Access Integration - Okta excerpt: '' deprecated: false hidden: false metadata: title: Moveworks Account Access Integration - Okta description: >- Moveworks Account Access integration guide on integrating the Account Access skill with Okta. robots: index next: description: '' --- The Moveworks **Account Access** skill enables end users to resolve their login issues in a secure, self-service way via Okta. # Okta ## Unlock Account If enabled, this feature continuously polls your organization’s Okta system to check for account lockout events. Moveworks initiates a process to unlock user’s Okta account in response to the lockout event. ![](https://files.readme.io/271fb97-Untitled_-_2023-03-14T131201.088.png) ### Configuration options * **Frequency of Lockout Checks**: By default, **Moveworks checks (polls) Okta for locked out users every 30 seconds**. This cadence can be customized (e.g. every 60 seconds, etc) by Moveworks on request. * **Frequency of Account Lockout Notifications**: Users are notified of an account lockout a maximum of four times a day, with a notification every six hours sent to the user via your organizations's chat surface(s). The frequency of notifications (e.g. 4 reach outs per day) is also customizable. ### Behind the Scenes Moveworks communicates with Okta’s API over HTTPS to securely request account operations. For the most up-to-date information on Okta’s API, see [Okta’s online documentation](https://developer.okta.com/docs/reference/). **How does Moveworks identify locked out accounts?** Moveworks queries Okta’s System Log API for lockout events every 30 seconds, using the following search criteria: `eventType eq "user.account.lock" or eventType eq "user.session.start" and outcome.reason eq "LOCKED_OUT"` **How does Moveworks unlock accounts?** The bot unlocks a user’s account with a `LOCKED_OUT` status and returns them to `ACTIVE` status by using the following API call: **[`POST /api/v1/users/${userId}/lifecycle/unlock`](https://developer.okta.com/docs/reference/api/users/#unlock-user)** Once unlocked, the user will be able to log back into Okta with their existing password. ## Password Reset If a user forgets their password, the Moveworks bot can help users reset it by giving the user a single-use link to the Okta forgot password portal. The actual password change happens in your organization’s ITSM system, so any existing security policies defined in Okta will apply. ![](https://files.readme.io/b5fa1a0-OktaPasswordReset_1.png) ### Behind the Scenes Moveworks utilizes the “[Reset Password](https://developer.okta.com/docs/reference/api/users/#reset-password)” method of the Okta Users API to generate a one-time use link to the Okta Reset Password portal where they can change their Okta password. ## MFA Reset When employees ask the bot to reset their Okta Verify MFA factors, Moveworks will initiate an Okta reset, by removing all factors associated with the user. Once the factors are removed, Moveworks will link the user to your organization’s Okta portal, where the user can log in. Once user’s log in, they will be prompted to set up a new MFA factor within Okta. ![](https://files.readme.io/65c7bfc-Untitled_-_2023-03-14T131501.824.png) ### Configuration options The Moveworks bot can be configured in one of two ways for the MFA Reset functionality: 1. Allow the user to reset all factors in one step. 2. Allow the user to choose which factor to reset. In this case, when the user clicks `Yes, reset MFA`, they will be given a list of their factors to choose from. ### Behind the Scenes Moveworks is able to reset employee’s Okta MFA by using the following API call: `/users/{request.user_id}/lifecycle/reset_factors`