To allow password resets for AD-mastered users, which rule section should you edit?

To enable password resets for Active Directory (AD) mastered users, one must edit the legacy rule section. This is because the legacy rule pertains specifically to how Okta manages authentication and password policies for users whose credentials are stored in an external identity source, such as Active Directory. By modifying the legacy rule, admins can specify behaviors associated with password resets, ensuring that the AD-mastered users can reset their passwords effectively.

The other sections do not directly address the issue at hand. Auditing relates to monitoring and logging activities, which does not influence password management functions. Authentication strength deals with the security requirements needed for user authentication, not the processes for resetting passwords. Password expiration settings manage how often users need to change their passwords, but do not specifically allow for password resets. Therefore, focusing on the legacy rule is essential for implementing password reset functionalities for AD-mastered users.