What type of user is affected by Okta's password policies?

The correct answer is that Okta's password policies directly impact Okta sourced users. This is because Okta sourced users are those accounts that are created and managed directly within the Okta identity management platform. Password policies are rules set in Okta that govern password complexity, expiration, and other factors, ensuring that users maintain secure credentials. Since Okta sourced users are directly under the purview of Okta's control, they are the primary users influenced by the password policies established within the Okta environment.

Active Directory users, while they may integrate with Okta, rely on the password policies enforced by Active Directory rather than those set in Okta. Third-party users also do not fall under Okta's password policies as they typically use their own credentials managed outside of Okta's infrastructure. Federated users, who authenticate through an external identity provider, similarly are not subjected to Okta's password policies, as their authentication processes are determined by their corresponding identity providers. Thus, Okta's password policies specifically apply to users created within its system.