With Multi-Factor Authentication (also known as MFA or 2-Step Verification), you add an extra layer of security to your account.
After you set it up, you’ll sign in to your account in two steps using:
- Something you know (your password)
- Something you have (like your phone)
How to Set Up Biometric Verification
- Go to signon.okta.com and sign into your account.
- Click on your name and Global ID button at the top right and select “Settings” from the drop-down menu.
- Select “Edit Profile”.
- Enter your password to verify your identity.
- Enter your authentication code when prompted.
- Scroll down the page until you see the “Extra Verification” section, then click the “Set up” button next to “Security Key or Biometric Authenticator”.
- CLick “Setup”", then “Enroll”.
- You will then be prompted to connect with your biometric service.
- You will be redirected to your profile settings page with a notification at the bottom of the screen saying you have successfully connected your biometric service.
NOTE: To use biometric authentication on another device, you must repeat the above steps on that device. If you add biometric verification using your laptop, you must repeat the same steps on each additional device (your phone, on your tablet, etc.).
How to Set Up and Use Google Authenticator MFA
- On your computer, navigate to signon.okta.com and log in to your Okta account.
- Click on "Global ID" and then click on “Settings” to find the drop-down menu at the top right of the screen.
- Click “Set up” next to Google Authenticator.
- Click “Setup”.
- Follow the prompts to install the Google Authenticator app on your mobile device, if you don't already have it installed.
- Select your device type and click next.
- You will see a QR code like this:
- On your mobile device:
- Open the Google Authenticator app.
- Tap the '+' icon.
- Select “Scan a QR code”.
- Use your mobile device to scan the QR Code displayed by Okta.
- Open the Google Authenticator app.
- On your web browser, click Next.
- Once installed, the Google Authenticator app needs no internet connection to generate a time-based code, but it does require an accurate time on your mobile device. The Google Authenticator app will generate a 6-digit, time-based code on your mobile device.
- Enter the 6-digit code that was generated by Google Authenticator into Okta and click Verify.
- If all went well, you are now set up to use Multi-Factor Authentication and should be signed into the website or service you were attempting to access!
How to Use Google Authenticator
When you log into a website or service protected by Okta and Multi-Factor Authentication, you'll see a prompt similar to the one below.
If you have already set up multi-Factor authentication for Okta (see section above), open the Google Authenticator app on your mobile device.
Once installed, the Google Authenticator app needs no internet connection to generate a time-based code, but it does require an accurate time on your mobile device.
- Open the Google Authenticator app on your mobile device.
- Find the 6-digit, time-based code labeled signon.okta.com (or Okta).
- Enter the 6-digit code generated by Google Authenticator onto the Okta log-in portal and click Verify.
- If your code does not work, try again after the code refresh on the Google Authenticator, which happens about every 30 seconds. You have 30 seconds to enter your code into the Okta sign-in portal before the code resets again.
- Open the Google Authenticator app on your mobile device.
You can also check out how to set up Authy, for a preferred alternative to Google Authenticator.
