I am looking to enable self -service password reset (SSPR) for our Windows 10 (and soon 11) clients. We have the standard vanilla domain with AD Connect syncing to Azure AD for machine accounts only (for hybrid devices). We use Okta for our Identity Provider, which does as much authentication and SSO as is possible and we allow.
So here's the rub. Because we use Okta for account provisioning, authentication, etc., we can't enable Password Writeback in AD Connect. It would pretty much cause a loop where the password was constantly changing, or at least being seen as constantly changing. Okta does partner with another company to provide SSPR, but it's not as elegant or simple as we'd like it to be (unfortunately). We can have our users reset their AD passwords in Okta, which will write back into AD and across to Azure AD. This is the only modification we allow Okta to make to our on-prem AD.
My question is around the Microsoft/Windows UI, when you enable the Password Reset link (which we have, via Group Policy). Is it possible to change the UI the password reset functionality looks to? Put simply, I'd like to have a user click Password Reset, and the user is presented with Okta's reset password UI. I know it's probably not possible, but I just wanted to reach out and ask.