Multi-factor Authentication and Okta

Page

Okta is a new ISU application for handling identity management and security.  In addition to providing single sign-on to ISU web applications, Okta can add Multi-factor authentication protection to your Net-ID.

What is Multi-factor Authentication?

Currently your Net-ID has a single form of authentication--your password.  If someone guesses your password or your account is compromised via phishing or malware, your stored information is exposed.  Multi-factor authentication protects your account with a second type of verification so that even if someone has your password, they will still be unable to log in to your account.  You will often hear multi-factor authentication referred to as something you know (your password) and something you have (phone, text message, etc). 

With multi-factor authentication, when you log in, you'll not only type your password but you'll be asked to verify your access via an app on your phone or to type in a unique code.

Multi-factor authentication will be required for all University employees by March 1st, 2019.

LAS IT has found that using a smartphone (iPhone or Android) is an extremely convenient method for using OKTA.  If you don't have a smartphone or prefer not to use your smartphone with OKTA there are several other options available:

  • Okta Verify Mobile App (A push notification to your smart phone)
  • Google Authenticator Mobile App (A rotating code from an app on your smart phone)
  • Text Message Code (A code via SMS)
  • Voice Call (Landline or cell phone)
  • Yubikey (hardware security token)

Before activating multi-factor authentication please ensure you are in a place where the device(s) you intend to use are at hand.  If you would like assistance with this process please don't hesitate to reach out to your LAS IT person.

To activate Multi-factor authentication in Okta

  1. Go to login.iastate.edu
  2. Log in with your Net-ID and password*
  3. On the Okta dashboard, click on the tile "Activate Multi-factor Authentication"

    Activate Multi-factor authentication

  4. Scroll to the bottom of the page and click on the "Activate" button.

    Activate Multi Factor Authentication Button

  5. You will be prompted to login again.
     
  6. Select the multifactor authentication that you would like for your account.  You can choose from:
    1. Okta Verify Mobile App (A push notification to your smart phone)
    2. Google Authenticator Mobile App (A rotating code from an app on your smart phone)
    3. Text Message Code (A code via SMS)
    4. Voice Call (Landline or cell phone)
    5. Yubikey (hardware security token)

       Set up multifactor authentication options​​​​​​

To enable, click on Setup for the specific type of verification you want to enable and follow the instructions (if the button says Reset rather than Setup, it means that verification method is already enabled).  You can set up more than one type of multi-factor authentication.  We recommend that you set up at least two (you will only use one at a time) for flexibility.

If this is your first time logging in you may be asked to provide a secondary e-mail address or a phone number.  This is for self-service password resets and can be skipped and entered later.

More detailed instructions:

More detailed instructions for each of the authentication types can be found on WorkCyte in both video and PDF format.