MyApps Application Portal: Enrolling in Multi-Factor Authentication (MFA)

 

Summary

Okta allows the use of Multi-Factor (or Two-Factor) authentication which means you have additional checks in place to verify your identity when logging in.  During early adoption stages of Multi-Factor Authentication (MFA), text messages or voice calls were a common way to verify your identity when logging on.  Soon afterward, separate applications for your smart phone became the norm.

In short, if you enroll in MFA (which may be required to access sensitive applications), you will enter your username and password as well as confirm your sign-in via one of the MFA methods.  In most cases, you only need to verify with MFA periodically and/or when you sign in from a new ‘untrusted’ device.  Once verified, the device will become ‘trusted’ for a period of time and will not prompt you again until that time expires.
 

Smart Phone Methods

Okta Verify

Google Authenticator

Alternative Methods

Security Key or Biometric Authenticator (i.e. fingerprint reader or facial recognition like Windows Hello)

Traditional Methods

SMS Authentication

Voice Call Authentication

 

ITS’ recommended method is using the Okta Verify app as it is the most convenient method and will automatically give you a notification to verify your login when you attempt to sign in.  You are also encouraged to setup a second method as well (like Voice Call or SMS) as a backup.

 

Enrolling in MFA

  1.  Sign into myapps.union.edu and click your name in the upper right of the dashboard screen, then click the Settings drop-down.


     
  2. On the next screen you will find an Extra Verification section which will show you the various methods of MFA you can use.  Click Set up on the method of your choice (Okta Verify is recommended) and it will walk you through a few simple steps to configure it.  Note: If all of the options under Extra Verification are grayed out, you probably have an existing MFA method setup in which case you just need to scroll to the top of the page and click Edit Profile in the upper right before you can modify these settings.
     
  3. You should add more than one MFA method as a backup (like Okta Verify and SMS).  This is useful if your smartphone is unavailable or has been replaced with a new phone and you need to use SMS as stop-gap.

  4. If you set up multiple methods for MFA, please note that you can easily toggle between them with the pulldown arrow during Okta sign-in.  It will remember your last chosen method by default.


     

 

Enrolling in MFA on a Replacement Smart Phone

The best idea is to enroll in an SMS secondary MFA method (assuming you are keeping your phone number on the replacement phone) to avoid any complications like the below.  Otherwise, see the below instructions.

  1.  If you *know* you are going to get new phone in the near future, you should go to the Extra Verification settings (shown above) and click Remove on the MFA method.
     
  2. After you are setup on your new phone, you can simply come back and click Set up again to enroll your new phone with the MFA app.
     
  3. If your phone was lost or broken:
    1. You may be able to log into Okta still on your trusted device and change the MFA settings above to enroll your new phone.
       
    2. If you need to verify with MFA when trying to sign into Okta but have no access to the old phone, you can email HelpDesk@union.edu (or log a request) to have your MFA methods reset by an Administrator (and then you will be able to log in and reconfigure it).