Multi-factor authentication (MFA) involves the use of a secondary form of verification in addition to a password. This provides an added layer of security when you access services that contain private or protected information. Because this secondary authentication is unique to your account, you must set up and manage your MFA options as a component of your Colby account. The following instructions will guide you through selecting and setting up your MFA options.
Configuring and testing your factors for the first time will take about 10 minutes. As part of the process, you will need to have your available factors – a telephone, cell phone, smart phone, or a token like a Yubikey (if you don’t know that that is, don’t worry!) – ready to configure and test. When you are ready to begin, follow the instructions below.
Accessing your Okta MFA settings
- Sign in to your Okta account at https://okta.colby.edu (if you’re already there, you can skip this step)
- In the top right corner, click on the arrow next to your name and select ‘Settings’ from the drop-down menu
- You should now be on your Okta personal settings page. Click the green “Edit Profile” button (shown below) to unlock your settings. If you do not see the button, continue on to step 4.
- If prompted for additional verification, enter your password again.
- MFA options are configured in the ‘Extra Verification’ section – an unconfigured example is shown below. You may need to scroll down in the profile settings page to find it.
Note that each option has a ‘Set up’ button next to it. While only one extra verification/MFA method is required, it is important that you setup at least two verification factors to ensure an alternative should one method (like your cell phone) be unavailable. Once an option is configured, if you need to disable or reconfigure it, you may do so by clicking ‘remove,’ which will then make the option available to set up again.
The following steps will guide you through selecting factors based on the types of devices you may have. Please read them in the order they are listed:
First, configure at least one telephone factor
It is strongly recommended that you configure both of these options.
Setting up voice call verification
- Click the button marked “Setup” next to “Voice Call Authentication”
- Complete the required fields to store a telephone number where verification codes can be sent. This should be a phone number that you are most reachable at, such as a cell phone, as it will be used to deliver authentication codes for verification purposes.
Setting up text message (SMS)
- Click the button marked “Setup” next to “SMS Authentication” (SMS stands for “short message service” and is equivalent to text messages)
- Complete the required fields to store a telephone number where verification codes can be sent.
Second, if you have a smart phone (iPhone or Android), configure a mobile app
Setting up Okta Verify Mobile App (Preferred)
- Click the button marked “Setup” next to “Okta Verify”
- Follow the instructions presented on the screen, or for more detailed instructions click here and scroll down to “Procedures,” select “Set up Okta Verify as a New User” and follow the instructions to install and configure the Okta Verify mobile app on your smartphone.
Setting up Google Authenticator
If you are already comfortable with the Google Authenticator app, adding Okta is simple. Please note that the Google Authenticator app will not support ‘push’ authentication for Okta, it will only support numeric codes – this is why the Okta Verify app is the recommended mobile app for Okta. You can also set up both the Okta Verify app and the Google Authenticator app and decide for yourself which works better.
- Click the button marked “Setup” next to “Google Authenticator” and follow the instructions to add Okta as a keyed service.
If you do not have a smart phone
Setting up Security Key (optional)
- This option available in cases where a smartphone app or text message delivery is not an option.
- Contact the ITS Support Center at x4222 or [email protected] for more information on key activation.
Testing your Factors
You will be prompted for MFA as you authenticate to certain services through Colby’s Okta portal. If you want to try it out, you can test your MFA settings at any time by clicking on the ‘Configure and Test MFA’ icon (chicklet) in your Okta home page:
After clicking the ‘Configure and Test MFA’ icon shown above, you’ll be prompted for an MFA factor. When you are prompted for your MFA factor, you can select which one you’d like to use by clicking the pull-down arrow to the left of the factor icon. The example shown below is for SMS (text message), but you can select and test one of your other factors like Okta Verify Push or a Yubikey by clicking the menu button to the right of the SMS icon. The red arrow shown below is highlighting the menu button – you won’t see the red arrow in the real dialog.