Technical Tip: The clients authenticating with SAML are not allowed to change or reset the password and receives the error 'Change password not allowed on specified user' in FortiClient.

Dhruvin_patel · ‎07-21-2025

Description

The article describes the reason why a client encounters the error 'Change password not allowed on specified user' in FortiClient when attempting to change or reset the password.

Scope

FortiGate, FortiClient.

Solution

This issue is not related to the service provider, and in most cases, the FortiGate acts as the service provider.

To resolve the issue, enable the option on the IdP that allows clients to change their password.

If the okta is acting as IdP (Identity Provider), ensure the user is part of a group that has a password policy, and that the 'Password Reset' option is enabled in the rule associated with the policy. See Users not able to change their password and login - Okta Support.
If the azure is acting as IdP (Identity Provider), enable and configure SSPR/write-back.

See Register the password reset verification method for a work or school account - Microsoft Support.

If the provided information is not helpful, refer to the IdP documentation to resolve the issue.

Technical Tip: The clients authenticating with SAML are not allowed to change or reset the password and receives the error 'Change password not allowed on specified user' in FortiClient.

You are leaving our website