Setting Up Multi-Factor Authentication (MFA)

Summary

How to add an additional factor and step-by-step instructions for setting up MFA

Body

Adding an Additional Factor

  1. Log in to your Okta dashboard, click your name in the upper-right corner then click Settings.
    settings in okta dashboard
  2. Scroll down to the Extra Verification section and click Set up next to the factor of your choice.
    extra verification
    • If the option is grayed out, you may need to click Edit Profile in the upper right.
      edit profile

Configuring Okta Verify

This is the recommended option if you have a smartphone as it will be the quickest way to verify your login. Instead of needing to type in a code, you can simply respond to a yes/no push notification on your mobile phone.

  1. Click Set up next to the Okta Verify option.
  2. Select iPhone or Android then install the Okta Verify app on your mobile device using the link for the Apple App Store or Google Play Store. Click Next.
  3. Open the Okta Verify app on your mobile device and tap Add Account or the plus sign (+). 
    okta verify plus icon
  4. Tap Organization as the account type to proceed.
  5. Tap Skip when prompted to add account from another device.
  6. Tap Yes, Ready to Scan and allow access to the camera if prompted.
  7. Point your phone camera at the QR code displayed in your browser window. 
  8. Allow notifications if prompted. You are now enrolled in Okta Verify! The next time you sign in, you will be able to send a push prompt to your phone or enter the one-time code displayed from the Okta Verify app.

For more information, see Okta's guide on setting up Okta Verify.

Configuring Authenticator App

With the Google Authenticator option, you may instead choose to use any other authenticator app such as 1Password, Authy, LastPass, or Microsoft Authenticator. Though the factor will show as Google Authenticator in Okta, the 6-digit code generated by any of those apps can successfully be used to verify your login. Please consult the support documentation for the app of your choice. The instructions below are for setting up Google Authenticator.

  1. Click Set up next to the Google Authenticator option.
  2. Select iPhone or Android then install the Google Authenticator app on your mobile device using the link for the Apple App Store or Google Play Store. Click Next.
  3. Open the Google Authenticator app on your mobile device and tap Get Started or the plus sign (+) then tap Scan a QR Code
     Uploaded Image (Thumbnail)
     
  4. Point your phone camera at the QR code displayed in your browser window then click Next.
    • Note: allow notifications and access to the camera if prompted.
  5. Enter the code displayed in the Google Authenticator app then click Verify.
  6. You are enrolled with Google Authenticator! The next time you sign in, you will be able to use the 6-digit code displayed on the app to to verify the login attempt.

For more information, see Google's guide on using Google Authenticator.

Configuring SMS/Text Message

  1. Click Set up next to the SMS Authentication option.
  2. Click the dropdown to select the country where your phone is registered and enter your 10-digit cell phone number. Then click Send CodeNote: At this time, only US and Canada cell numbers can be used.
  3. You will receive a text message on your cell phone with a 6-digit verification code. Enter the code in the field and click Verify.
  4. You are enrolled with SMS authentication! The next time you sign in, you will be able to send a 6-digit code to your cell phone to verify the login attempt.

Configuring Voice Call/Landline

  1. Click Set up next to the Voice Call Authentication option.
  2. Click the dropdown to select the country where your phone is registered and enter your phone number. This can be a landline or desk phone. Then click Call. Note: At this time, only US and Canada phone numbers can be used. We do not recommend using a Google Voice number.
  3. You will receive a voice call with the following message: “Hello. Thank you for using our phone verification system. Your code is #####. Once again, your code is #####. Goodbye.” Enter the 5-digit code you hear then click Verify.
  4. You are enrolled with Voice Call Authentication! The next time you sign in, you will be able to have a 5-digit code delivered via voice call to verify the login attempt.

Configuring Hardware Token/Security Key

If you already have your own existing hardware token or physical security key, you can use it as your second factor as long as it is FIDO2 compatible. Please note this is not a standard option and will only have limited, “best effort” support. Therefore, you will first need to contact the Service Desk to request that this option be enabled for your account before setting it up. Technology Services will not be providing hardware tokens.

While Technology Services does not recommend any specific FIDO2 key, nor can TS guarantee that any FIDO2 key that you purchase will work, the Yubico YubiKey 5 and Security Key series or FEITIAN ePass series are considered industry standard keys.

  1. Contact the Service Desk at 253-879-8585 or servicedesk@pugetsound.edu to request that this option be enabled for your account.
  2. Click Set up next to the Security Key or Biometric Authenticator option.
  3. Click Setup on the next screen.
  4. Click Enroll and insert the security key into the USB port on your device.
    enroll security key
  5. Follow the prompts to complete the setup. This will vary depending on what type of security key and computer/browser you are using. You may be asked to create/enter a PIN, physically tap the security key, and/or allow login.pugetsound.edu to use your security key.

 

Details

Details

Article ID: 8554
Created
Mon 6/17/24 5:59 PM
Modified
Thu 8/22/24 1:03 PM