The Voice Call Authentication factor allows users to authenticate themselves using a one-time passcode (OTP) that is delivered in a voice call to the user's phone. Users can provide a phone number for a landline or mobile phone. Extension numbers for landlines are also supported.
There are important considerations that you must take into account when using telephony as part of your multifactor authentication strategy, including regulatory requirements, toll fraud, and others. See Telephony for more information.
You can also select languages for voice-based authentication. See Configure and use telephony for more information.
Toll-free, premium, and invalid phone numbers cannot be used for multifactor authentication. If you attempt to use a toll-free, premium, or unrecognized phone number format, the phone number will be rejected as an invalid phone number.
Activate the Voice Call Authentication factor
- In the Admin Console, go to Security >Multifactor.
- On the Factor Types tab, select Voice Call Authentication.
- Click Inactive and select Activate.
- Click the Factor Enrollment tab.
- Select a policy from the list and click Edit, or, to create a new factor enrollment policy, click Add Multifactor Policy, and follow the instructions in Configure an MFA enrollment policy.
- Select the drop-down list beside Voice Call Authentication and select an option:
- Optional - Users may select the Voice Call Authentication factor from the list and use it to authenticate.
- Required - Users must provide an OTP they receive in a voice call when they authenticate.
- Disabled - Users won't be asked to authenticate with an OTP they receive in a voice call.
- Click Update Policy.
When this factor is activated, users signing in to Okta for the first time see that extra verification is required.
- While signing in, the Sign-In Widget displays the Set up multifactor authentication screen.
- Click Configure factor.
- Select the country your phone number is from in the Country drop-down list.
- Type your phone number in the Phone number field. Do not include the country code, leave out any dashes, and leave out the leading zero if your country's phone system uses them.
- If you want to receive voice calls on a phone number with an extension, such as at an office, type the extension number in the Extension field.
- Click Call. You will receive a voice call and the code will be provided in the spoken message. Click Redial if the voice call doesn't come automatically.
- Type the code in the Enter Code field.
- Click Verify.
Sign in using the Voice Call Authentication factor
- Go to your org's sign-on page. Provide your username and any other credentials requested by the Sign-In Widget, such as a password.
- Click the down arrow and select Voice Call Authentication from the Select an authentication factor list.
- Okta calls the user, provides the OTP in a spoken message, and the Sign-In Widget displays the Enter Code field. If you don't receive the voice call automatically, click Redial.
- Type the code provided in the voice call in the Enter Code field.
- Click Verify.
Change the phone number for the Voice Call Authentication factor
After signing in, users can change the phone number to which OTP codes are sent by removing the Voice Call Authentication factor and then setting it up again.
- In the Okta Dashboard, click your username in the upper-right corner.
- Select Settings.
- In the Extra Verification section, click Remove beside Voice Call Authentication, and click Yes to confirm.
- Click Set up beside Voice Call Authentication.
- Continue with the steps in Set up the Voice Call Authentication factor for the first time.