SMS Authentication (MFA)

The SMS Authentication factor allows users to authenticate themselves using a one-time passcode (OTP) that is delivered to the their phone in an SMS message.

There are important considerations that you must take into account when using telephony as part of your multifactor authentication strategy, including regulatory requirements, toll fraud, and others. See Telephony for more information.

There are also important technical considerations for sending SMS messages. See Configure and use telephony for more information.

You can also customize SMS message templates, view SMS events in the System Log and view SMS usage reports. See Configure and use telephony for more information.

Toll-free, premium, and invalid phone numbers can't be used for multifactor authentication. If you attempt to use a toll-free, premium, or unrecognized phone number format, the phone number will be rejected as an invalid phone number.

Activate the SMS Authentication factor

  1. In the Admin Console, go to Security >Multifactor.
  2. On the Factor Types tab, select SMS Authentication.
  3. Click Inactive and select Activate.
  4. Click the Factor Enrollment tab.
  5. Select a policy from the list and click Edit, or, to create a new factor enrollment policy, click Add Multifactor Policy, and follow the instructions in Configure an MFA enrollment policy.
  6. Select the dropdown list beside SMS Authentication and select an option:
    • Optional - Users may select the SMS Authentication factor from the list and use it to authenticate.
    • Required - Users must provide an OTP they receive in an SMS message when they authenticate.
    • Disabled - Users won't be asked to authenticate with an OTP they receive in an SMS message.
  7. Click Update Policy.

End-user experience

When this factor is activated, users signing in to Okta for the first time see that extra verification is required.

Set up the SMS Authentication factor for the first time

  1. While signing in, the Sign-In Widget displays the Set up multifactor authentication screen.
  2. Click Configure factor.
  3. Select the country your phone number is from the Country dropdown list.
  4. Type your phone number in the Phone number field. Do not include the country code, leave out any dashes, and leave out the leading zero if your country's phone system uses them.
  5. Click Send code. You will receive a code in an SMS message.
  6. Type the code in the Enter Code field.
  7. Click Verify.

Sign in using the SMS Authentication factor

  1. Go to your org's sign-on page. Provide your username and any other credentials requested by the Sign-In Widget, such as a password.

  2. Click the down arrow and select SMS Authentication from the Select an authentication factor list.

  3. Okta sends an SMS message, and the Sign-In Widget displays the Enter Code field. If you don't receive the code automatically, click Send Code.

  4. Type the code provided in the SMS message in the Enter Code field.

  5. Click Verify.

Change the phone number for the SMS Authentication factor

After signing in, users can change the phone number to which OTP codes are sent by removing the SMS Authentication factor and then setting it up again.

  1. In the Okta Dashboard, click your username in the upper-right corner.
  2. Select Settings.
  3. In the Extra Verification section, click Remove beside SMS Authentication, and click Yes to confirm.
  4. Click Set up beside SMS Authentication.
  5. Continue with the steps in Set up the SMS Authentication factor for the first time.

Related topics

Voice Call Authentication (MFA)

Telephony

Configure and use telephony