
As much as I’d like to forget, I’ve done a lot of support and much of that was authentication issues. I can certainly imagine in a corporate environment that some contingent of users would prefer to be hand-held through the reset request process, but all of them?

My expectation (and experience of other similar systems) was that Okta would not allow password resets by anyone but the organization administrators. However, that doesn’t appear to match up with what has been disclosed here.



It's easy to find a large segment of enterprise customers where handholding password resets is the only option because of an enterprise policy which is getting misapplied. Further, these support requests are probably unlimited in support contracts raking in significant income for Okta, so it becomes the default for customers not to worry about it. Any time companies are selling a product plus enterprise offerings, it becomes much more opaque as to what the complete product is.

When organizations make the on-prem to cloud jumps, they frequently are trading off oversight and experience. Many tenured internal teams have been broken apart by these types of migrations because they are ultimately sold to management as cost-saving endeavors. These folks would make your observation about organization admins controlling resets, but they are gone.



