Okta - Multifactor Authentication FAQ
This article answers some frequently asked questions in regards to the new Okta system and its MFA functionality.
1. What is MFA?
- Okta - What is Multi-Factor Authentication (MFA)?
- Many Parkland systems, including SecureMail, VPN, Colleague UI, Self Service, and Office 365/email require Okta multifactor authentication for security purposes.
2. Will I need a mobile phone?
- Using the Okta Verify mobile application on a smartphone is the recommended factor as it is the most secure. If you do not own, or choose not to use your cell phone, you may select the Voice Call Authentication factor as an option instead. This allows the use of a home phone, land line, office phone, or alternative phone number. To see what is required for each of the factors, please see Okta - Compare the MFA Options. Please be aware that the Okta Verify and Google Authenticator apps are NOT available for Windows or MacOS.
- Another option if you do not own or do not wish to use a cell phone is a security key. A security key is a physical device that can be used for authentication. For more information, please see Okta - Setup and Use a Security Key.
- If you do not have access to any of the factors, please contact the Tech Service Desk at 217-353-3333 or techhelp@parkland.edu.
3. Where do I go to set up my factors for Okta?
- The first time you access Okta, you will need to sign in with your ParklandOne username and password at https://login.parkland.edu. You may need to select the Okta MFA Registration button. Once you have registered and set up a factor or factors, you will need to authenticate with that factor in order to access the site and make any required updates or changes to your factor selections. Okta - Register Your Account
4. Can I change my factors later on?
- Yes, you can access your account to make changes to your profile and multi-factor options at https://login.parkland.edu. Select the Okta Settings button. in order to access your Okta account, you must have access to one of the MFA factors that you set up initially. If you don't, please contact the Tech Service Desk at 217-353-3333. Please see the following KB article for more information. Okta - Add and Remove MFA Options
5. What if I never receive a verification code or push notification?
- If you are using voice call authentication, you must press the "Call" button within the Okta prompt to receive the code. If you are using SMS text authentication, you must press the "Send Code" button within the Okta prompt in order to receive the code. In addition, network related reasons can cause a delay in notification of the verification code or push notification. If you haven't received a code after a minute or two, try sending it again or choosing another factor.
6. When I am in the Okta Verify or Google Authenticator app, is it normal for the code to keep changing?
- This is the intended behavior for any application that utilizes code based MFA. The six digit number rotates often so the codes can’t be guessed or stolen by someone and used to log into your account. When you log in, you can either receive a push notification (Okta Verify only), or enter a code. If you opt for the push notification, you can ignore the code. Simply tap "Yes, it was me" on the app prompt that will appear. If you instead opt to enter the code, the code you enter is whatever code is currently being displayed in the app. If the code rotates before you can finish typing it in, you will need to clear what you have typed and enter the new code that is in the app. Please note that Google Authenticator shows a space in the middle of the 6-digit code. Do not enter a space when typing in the code.
- The best approach is to update your Okta information prior to getting rid of the old device or switching numbers.
- SMS Text Messaging or Voice Call - If your phone number has NOT changed, no action is needed on your part. If you are planning on changing your number, however, you will need to take action within Okta with your existing number prior to making that change. Please see Okta - Add and Remove MFA Options for more information. Set up a factor that you will be able to fulfill once your phone number changes. For example, if you currently have SMS set up for your existing number, set up Voice and link it to your new phone number instead. Once your phone number officially changes and the old number is deactivated, you can go to https://login.parkland.edu, use the dropdown arrow on the Okta authentication prompt to select Voice, go to Edit Profile, remove the old SMS option, and then Set Up SMS with your new phone number.
- Okta Verify or Google Authenticator
- Option 1 (recommended): You will need your old phone to log into https://login.parkland.edu and edit your Okta profile. Please see Okta - Add and Remove MFA Options for more information. Select Remove Okta Verify and/or Google Authenticator. On your new device, navigate to login.parkland.edu, sign in with your ParklandOne credentials and then select Set Up Okta Verify and/or Google Authenticator.
- Option 2: Make sure to update your Okta profile to enroll in SMS and/or Voice verification methods prior to switching phones. Please see Okta - Add and Remove MFA Options for more information. On your new device, navigate to https://login.parkland.edu, use the dropdown arrow on the Okta authentication prompt to select SMS or Voice, go to Edit Profile, and select Remove Okta Verify and/or Google Authenticator. Select Set Up Okta Verify and/or Google Authenticator (please reference the links to the setup instructions above).
- If these methods do not work or if you encounter any issues, please contact the Tech Service Desk at 217-353-3333.
8. Is it recommended that I set up more than one factor?
- Yes. We recommend setting up more then one factor in case you lose access to one. This would allow you still sign into Okta and Okta connected services with your alternative factor/s.
9. How do I select which one of my enrolled factors I want to use when accessing a service that is secured behind Okta?
10. I'm receiving a message when I go to log in that is warning me about a first time connection and it is not displaying my security image. The exact wording is “This is the first time you are connecting to login.parkland.edu from this browser”. Should I be concerned?
- This is normal behavior. Any time you log onto a new browser that Okta has not seen before, you will receive this message. After you sign in for the first time, any subsequent logins will properly display your security image. When you receive this message, you should also receive a new sign on alert email that is notifying you of this new login. If you ever receive this email unexpectedly and did not initiate the sign on, please contact the Tech Service Desk immediately at 217-353-3333 or techhelp@parkland.edu.
11. Why do I receive an email messages each time I set up a factor or delete/add a factor? Also, should I be worried if the activity details indicate that my location or operating system is inaccurate?
- The purpose of the email is to ensure that you are informed when important actions are taken within your Okta account. Since the security of your account is of the utmost importance, if you don't recognize the activity, please contact the Tech Service Desk at 217-353-3333 or techhelp@parkland.edu immediately. Please note that the location listed within the email reflects the location of your internet service provider, not necessarily your physical location. Also, there is a known issue with the wrong operating system being displayed in the confirmation email when attempting to connect to VPN.
12. What do I do if my account gets locked?
- For security purposes, your account will automatically lock after ten incorrect login attempts. You can either call the Tech Service Desk for immediate assistance or wait fifteen minutes for your account to unlock and then try again.
13. How often will I need to re-authenticate?
- This depends on the application. The default time period for an MFA prompt for most applications is one week. More sensitive applications may require re-authentication once a day or every time you sign in to the system.
- In order to take advantage of any potential extended authentication times, you will need to ensure you check the box to not prompt you for the given amount of time available. This box should reside on the MFA prompt screen.
- Please note that the extended time is session based. This means that if you were to use another browser, the same browser in incognito mode, or another computer, you will be prompted to re-authenticate with MFA again.
14. When I’m exiting a Colleague UI session, I’m getting multiple prompts asking if I’m sure I want to leave the page. This prompt sometimes displays 2 or 3 times before I can successfully navigate away. Is this normal?
- Unfortunately, this is a known issue with Colleague UI and the cause relates to how they implemented this kind of connection. Ellucian is aware of the issue and are working on a fix. We do not have a timeline for the resolution.
15. Can I use Google Voice or a similar product when enabling my factors?
- Yes. If the phone number you want to use can receive SMS messages, it can be used for the SMS Authentication Factor. If the phone number you would like to use can receive a phone call, then you can use that phone number with Voice Authentication. Please note, however, that Google Voice and other similar 3rd party products are not supported by Campus Technologies and are not recommended.
- When you log out of most Okta connected applications, you are also logged out of the Okta system. This means that if you were to try to connect to the same application (or other Okta connected applications), you will be prompted for your ParklandOne credentials and any required MFA prompts from the Okta system again.
- Any other applications that you were already logged in through Okta will remained signed in until the login for that application either times out due to inactivity or until you log out of that application manually.
- If it is asking for a domain name, you installed the Okta Mobile app as opposed to the Okta Verify app. Please delete the Okta Mobile app and install the Okta Verify app instead. Okta Verify will not prompt you to enter a domain name.
See Also:
- Okta - What is Multi-Factor Authentication (MFA)?
- Okta - Register Your Account
- Okta - Compare the MFA Options
- Okta - Setup the Okta Verify Mobile Application
- Okta - Use the Okta Verify Mobile Application
- Okta - Setup and Use Google Authenticator
- Okta - Setup and Use SMS Authentication
- Okta - Setup and Use Voice Call Authentication
- Okta - Setup and Use a Security Key