The SMS Authentication factor allows users to authenticate themselves using a one-time passcode (OTP) that is delivered to the their phone in an SMS message.
There are important considerations that you must take into account when using telephony as part of your multifactor authentication strategy, including regulatory requirements, toll fraud, and others. See Telephony for more information.
There are also important technical considerations for sending SMS messages. See Configure and use telephony for more information.
You can also customize SMS message templates, view SMS events in the System Log and view SMS usage reports. See Configure and use telephony for more information.
Toll-free, premium, and invalid phone numbers can't be used for multifactor authentication. If you attempt to use a toll-free, premium, or unrecognized phone number format, the phone number will be rejected as an invalid phone number.
Okta recommends that admins enable other factors in addition to the SMS Authentication factor to give their end users additional verification options. For example, if an end user changed their phone number and didn't update it in Okta, voice calls and SMS messages will be sent to the old number. In this situation, end users need alternate verification methods to enable them to sign in to Okta so they can update their phone number.
Activate the SMS Authentication factor
- In the Admin Console, go to Security >Multifactor.
- On the Factor Types tab, select SMS Authentication.
- Click Inactive and select Activate.
- Click the Factor Enrollment tab.
- Select a policy from the list and click Edit, or, to create a new factor enrollment policy, click Add Multifactor Policy, and follow the instructions in Configure an MFA enrollment policy.
- Select the dropdown list beside SMS Authentication and select an option:
- Optional - Users may select the SMS Authentication factor from the list and use it to authenticate.
- Required - Users must provide an OTP they receive in an SMS message when they authenticate.
- Disabled - Users won't be asked to authenticate with an OTP they receive in an SMS message.
- Click Update Policy.
When this factor is activated, users signing in to Okta for the first time see that extra verification is required.
- While signing in, the Sign-In Widget displays the Set up multifactor authentication screen.
- Click Configure factor.
- Select the country your phone number is from the Country dropdown list.
- Type your phone number in the Phone number field. Do not include the country code, leave out any dashes, and leave out the leading zero if your country's phone system uses them.
- Click Send code. You will receive a code in an SMS message.
- Type the code in the Enter Code field.
- Click Verify.
Sign in using the SMS Authentication factor
Go to your org's sign-on page. Provide your username and any other credentials requested by the Sign-In Widget, such as a password.
Click the down arrow and select SMS Authentication from the Select an authentication factor list.
Okta sends an SMS message, and the Sign-In Widget displays the Enter Code field. If you don't receive the code automatically, click Send Code.
Type the code provided in the SMS message in the Enter Code field.
If you changed your phone number and haven't updated it in Okta yet, your voice calls and SMS messages will go to your old phone number and you won't be able to complete verification. If this happens, click Sign in with something else on the Sign-In Widget, and verify with a different factor. Next, complete the Change the phone number for the SMS Authentication factor procedure, and replace your old phone number with your new one.
After signing in, users can change the phone number to which OTP codes are sent by removing the SMS Authentication factor and then setting it up again.
- In the Okta Dashboard, click your username in the upper-right corner.
- Select Settings.
- In the Extra Verification section, click Remove beside SMS Authentication, and click Yes to confirm.
- Click Set up beside SMS Authentication.
- Continue with the steps in Set up the SMS Authentication factor for the first time.