Okta - Multifactor Authentication FAQ
This article answers some frequently asked questions in regards to the new Okta system and its MFA functionality.
- Will I need a mobile phone?
- Using Okta Verify mobile application on a smartphone is the recommended second factor. If you do not own, or choose not to use your cell phone, you may select the Voice Call Authentication factor as an option instead. This allows the use of a home phone, land line, office phone, or alternative phone number. To see what is required for each of the factors, please see Okta - Compare the MFA Options
- Can I update my factors after registration?
- Yes. After your initial registration, you can access your account to make changes to your profile and multi-factor options. This is especially useful when changing phone numbers or devices. You can access your Okta profile at go.parkland.edu/oktaprofile. Please see the following KB article for more information. Okta - Add and Remove MFA Options
- What if I never receive a verification code?
- Many computer and network related reasons can cause a delay in notification of the verification code. If you haven't received a code after a minute or two, try sending it again or choosing another factor. If you are still having trouble, contact the Tech Service Desk for assistance.
- When I am in the Okta Verify or Google Authenticator app, is it normal for the code to keep changing?
- This is the intended behavior for any application that utilizes code based MFA. The six digit number rotates periodically so the codes can’t be guessed or stolen by someone and used to log into your account. When you log in, you can either receive a push notification (Okta Verify only), or enter a code. The code you enter is whatever code is currently being displayed in the app. If the code rotates before you can finish typing it in, you will need to clear what you have typed and enter the new code that is in the app. Please note that Google Authenticator shows a space in the middle of the 6-digit code. Do not enter a space when typing in the code.
- Is it recommended that I set up more than one additional factor?
- Yes. We recommend setting up more then one factor in case you lose access to one. This would allow you still sign into Okta and Okta connected services with your alternate factor/s.
- How do I select which one of my enrolled factors I want to use when accessing a service that is secured behind Okta?
- I'm receiving a message when I go to log in that is warning me about a first time connection and it won’t display my security image. The exact wording is “This is the first time you are connecting to login.parkland.edu from this browser”. Should I be concerned?
- This is normal behavior. Any time you log onto a new browser that Okta has not seen before, you will receive this message. After you sign in for the first time, any subsequent logins will properly display your security image. When you receive this message, you should also receive a new sign on alert email that is notifying you of this new login. If you ever receive this email unexpectedly and did not initiate the sign on, please contact the Tech Service Desk immediately at 217-353-3333 or email@example.com.
- Why do I receive an email messages each time I enroll in a factor or delete/add a factor? Also, should I be worried if the activity details indicate that my location is inaccurate?
- The purpose of the email is to ensure that you are informed when important actions are taken within your Okta account. Since the security of your account is of the utmost importance, if you don't recognize the activity, please contact the Tech Service Desk at 217-353-3333 or firstname.lastname@example.org immediately. Please note that the location listed within the email reflects the location of your internet service provider, not necessarily your current location.
- What do I do if my account gets locked?
- For security purposes, your account will automatically lock after ten incorrect login attempts. You can either call the Tech Service Desk for immediate assistance or wait fifteen minutes for your account to unlock and then try again.
- Once registered in Okta, will these settings apply to MFA for Office 365 / email?
- Not at first - We will continue to implement additional services with Okta MFA. This will eventually include Office 365 / email and some of your other favorite applications. In the meantime you will need to use the MFA options that you set up with Microsoft when accessing Office 365 / email.
- What Parkland systems / applications require Okta MFA?
- Okta will be tied to the following systems on the following dates: SecureMail (9/17), VPN (9/24), Colleague UI (10/8), and Self Service (10/22). You can also go to login.parkland.edu to view the Okta MFA applications that you have access to. Additional Parkland systems will gradually be tied to Okta and communication will go out in advance of those go live dates.
- How often will I need to re-authenticate?
- This depends on the application. The default time period for a second MFA prompt for most applications is one week. More sensitive applications may be 24 hours or even require re-authentication every time.
- In order to take advantage of these extended times, you will need to ensure you check the box to not prompt you for the given amount of time available. This box should reside on the MFA prompt screen.
- Please note that the extended time is session based. This means that if you were to use another browser or another computer, you will be prompted to re-authenticate with MFA again.
- When I’m exiting a Colleague UI session, I’m getting multiple prompts asking if I’m sure I want to leave the page. This prompt sometimes displays 2 or 3 times before I can successfully navigate away. Is this normal?
- Unfortunately, this is a known issue with Colleague UI and the cause relates to how they implemented this kind of connection. Ellucian is aware of the issue and are working on a fix. We do not have a timeline for the resolution.
- If I update my phone number through Admissions or Human Resources, will they update my number update my number in Okta?
- No. The phone number in Okta is completely separate from the phone number that Admissions or Human Resources keeps track of. To update your phone number in Okta, follow the instructions in the following KB article to remove and re-add the factor that uses the phone number: Okta - Add and Remove MFA Options
- Can I use Google Voice or a similar product when enabling my factors?
- Yes. If the phone number you want to use can receive SMS messages, it can be used for the SMS Authentication Factor. If the phone number you would like to use can receive a phone call, then you can use that phone number with Voice Authentication. Please note, however, that Google Voice and other similar 3rd party products are not supported by Campus Technologies and are not recommended.
- What happens when I log out of an application that is connected to Okta?
- When you log out of most Okta connected applications, you are also logged out of the Okta system. This means that if you were to try to connect to the same application (or other Okta connected applications), you will be prompted for your ParklandOne credentials and any required MFA prompts from the Okta system again.
- Any other applications that you were already logged in through Okta will remained signed in until the login for that application either times out due to inactivity or until you log out of that application manually.
Phone/Virtual Assistance: 217-353-3333 * email@example.com
Fall/Spring: 7:30 a.m. - 6:00 p.m. M-Th. / 7:30 a.m. - 5:00 p.m. Fridays
Summer: 7:30 a.m. - 6:00 p.m. M-Th