Jamf Connect - Okta Temporary Password

anayat_chowdhur
New Contributor II

Wondering if anyone has a workaround for this issue we're encountering.

If I set up a new user in Okta and set a temp password, and the user has never logged into a machine, it pops up a window and walks them through setting a new password and MFA. However, once that user exists on the machine and they forget their password, if I reset the password and specify a temp password, the temp password doesn't allow them to log in at all.

1 REPLY

AJPinto
Honored Contributor II

Jamf Connect, and any other tool really, just syncs the IdP password to the Mac. The Mac still uses a local account, and has that account's password stored in the keychain. The user must unlock the Mac with the local password the keychain has, then log in to Jamf Connect Menubar (Okta) with the new password, and finally unlock the keychain with the old password to allow Jamf Connect to update the keychain (login) password. This is not a limitation of Jamf Connect or its competitors, as this is how Apple has designed the login keychain to work.

The best way to approach a password reset is with the FileVault recovery. This will force the user to update their keychain password, which will let them log in to macOS. For the Okta password, I recommend against using temporary passwords due to the convoluted syncing process. Send the user to your Okta portal once they are into macOS and have them use the forgot password option to reset their password. From there they can use the new Okta password to log in to Jamf Connect Menubar and start the process to sync everything up.

If you forgot your Mac login password - Apple Support

TL;DR: Resetting a password in Okta does not automagically update the macOS Login password. The user still needs to log in to macOS with the old password to attempt to sync the passwords.

  • The best way to "reset" a user's macOS Login password is with the FileVault recovery key.
  • The best way to reset the user's Okta password is to send the user to the "forgot my password" option within Okta.