Okta Verify for End Users
When a user signs in to their organization, the Okta Verify app prompts the user to verify their identity in order to authenticate successfully. Once an end user installs the app to their primary device, they can verify their identity by approving a push notification or by entering a one-time code to authenticate successfully.
Note: Okta Verify can only be registered with one device at a time. To use a new device, reset your Okta Verify account then open the appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. to add and register your new device.
If you can't sign in to Okta and need to reset your account, refer to Reset your Okta Verify account or contact your organization's IT department for further assistance.
What is the Okta Verify mobile app used for?
The Okta Verify app is used only to verify your identity once you attempt to sign in to your Okta account.
- Enroll in Okta Verify as a new user by registering your mobile device with your Okta account.
- Add additional accounts that require Okta Verify for authentication.
- Manage the list of accounts registered to your mobile device (reorder, rename, delete).
You cannot do the following from the Okta Verify app:
- Access or sign in to your Okta account directly. Sign in to your account from a web browser on your device or desktop computer or download Okta Mobile from the Apple App Store or Google Play. For more information, see Okta Mobile.
- Reset your Okta Verify account if you are locked out or forgot your password. See Reset Okta Verify if you get stuck and can't sign in.
The first time you sign in to your orgThe Okta container that represents a real-world organization. after you configure this factor, the Extra verification is required for your account page displays on their device.
To start the setup process:
- Click Setup.
- From your mobile device, follow the instructions to download and install the Okta Verify app. Click Next.
- Configure Okta Verify to link it to your Okta account.
- Scan a QR code or manually enter a code.
Setup using a QR Code
- On your phone, start the Okta Verify app, tap Add Account on iOS, or + on Android.
- Scan the QR code on their computer screen using their device camera.
The pass code generator screen appears and generates pass codes that end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. use when prompted for extra verification.
You have 30 seconds to enter the pass code before it generates a new one.
To configure an account manually:
- Open the Okta Verify app.
- Tap Add Account on iOS, or + on Android.
- From the bar code page, tap No barcode?.
- In the Okta Account field, enter your username (company email address).
- From your computer web browser, click the Can’t scan the QR code link to obtain the secret key.
- Enter it in the Secret Key field on your mobile device.
- Tap Save to continue.
The pass code generator screen appears and generates the codes end users use when they are prompted for extra verification. End users have 30 seconds to enter the pass code before it generates a new one.
Use Okta Verify with multiple accounts
Okta Verify may be used for multiple accounts including organizations outside of Okta.
Add an account
To add a new account, tap Add Account on iOS, or + on Android.
Accounts are displayed in the order in which they were enrolled.
- iOS: Tap Edit to access edit mode. Tap and drag the gripper icon to your location of choice.
- Android: Tap the three dots to the right of the account that you want to move. Tap Reorder. Tap and drag the gripper icon to your location of choice.
Edit an account name
- iOS: First tap Edit in the upper-right corner to enter edit mode, then tap the organization name you want to change.
- Android: Tap the three dots icon on the right side of the account you want to edit, then tap Rename.
Delete an account
- iOS: Tap Edit to access the edit view, then tap the red delete icon to remove the account from the list.
- Android: Tap the three dots to the right of the account you want to delete, then tap Delete.
A prompt appears asking to confirm deletion of the account.
Account deletion is permanent and prevents sign on for the account.
When signing in to Okta, the Okta Verify AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. challenge screen will be displayed.
Enter a six-digit verification code to confirm your identity. If Send Push if displayed, click it to have a notification pop up on your phone.
Okta Verify Verification Code
You can generate a six-digit code to sign in to Okta if additional verification is required. For security purposes, this code changes every thirty seconds.
Confirm your identity with a verification code:
- Enter your credentials to sign in to your org.
- When prompted, open the Okta Verify app on your mobile device.
- In the account list, look for an entry that displays the email address for your account. Remember the verification code that is displayed. In the example below, the code for Okta is 745795.
- In your web browser, enter the code that is displayed on the Okta Verify app. Click Verify to continue.
If the code entered was correct and matches the code displayed in the Okta Verify app, you will be signed in to your org automatically.
If the Send Push option appears once you attempt to sign in to Okta, you can verify your identity from a pop-up notification on your phone.
From this notification you can approve or deny a request. This pop-up request is valid for up to five minutes.
To use push notifications, select Send Push to send a push authentication to your device.
There are two ways to have push notifications sent to your device: manually or automatically.
A notification is sent to your device manually once you tap Approve to sign in to your account.
A notification is sent to your device via the automatic push option:
Select Send push automatically in your browser to enable automatic push notifications from the assigned mobile device.
Note that in order to enable automatic push notifications, you must first send a manual notification to your device. Once the initial verification has taken place and Send push automatically is selected, all future notifications will be sent to your device automatically.
Okta Verify supports the use of both Apple Watch and Android Wear.
The Okta Verify for Apple Watch app allows you to view and accept or deny Okta Verify with push notifications from your watch screen. The watch also displays a rotating one-time password to allow authentication if push notifications are not enabled or if internet connectivity is unavailable.
Once you've paired your watch with an iPhone, the Okta Verify app installs automatically. Note that while the app can be opened and used at any time, the watch only receives notifications from the iPhone if it is locked based on Apple design.
The Okta Verify for Android Wear app allows you to view and accept or deny Okta Verify with Push challenges from your watch screen. You can also access the OTP on their Android Wear devices.
Touch ID uses fingerprint detection technology to guard against unauthorized use of Okta Verify.
To sign in with Touch ID:
- Sign in to Okta and click Set Up Touch ID when the prompt is displayed.
If Touch ID has not been set up on your device, iOS Settings will appear to configure it.
- The Touch ID for "Okta Verify" screen appears.
- Enrollment is complete once you verify your identity with your fingerprint.
When multiple accounts exist, Touch ID accounts are distinct from the other authentication options.
- Touch ID accounts are identified by their thumbprint icon and obfuscated numbers. Touch the fingerprint icon to expose the authentication number.
- Accounts are also distinct when Touch ID is required by your company's IT adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page..
- An alert will appear if Touch ID is required and not set up on your device.
- Tap the alert icon then tap Touch ID Setup Required.
- Follow the instructions for Touch ID setup in device Settings.
You can approve or deny an authentication request from Okta Verify directly from a notification without having to open the app each time.
There are two ways to action a request from a notification:
- From the lock screen
- From a pop-up notification on an unlocked screen
To approve a request from the lock screen:
- Swipe left once the notification appears.
- Tap View.
Tap Approve or Deny. You will be prompted to unlock your device.
- Enter your PIN or unlock the device with your fingerprint to proceed.
To approve a request from an unlocked screen:
- Swipe down once the notification appears.
- Tap Approve or Deny to action the request.
Once you approve a request, you will be signed in to your org automatically.
Devices with 3D Touch
If your iOS device supports 3D Touch, you may also hard press on a notification to display options to approve or deny the request.
Reset your Okta Verify account if you can't sign in to your company Okta account.
If you cannot reset your account, contact your org IT admin directly to assist.
The following issues are examples that can be resolved by resetting Okta Verify:
- Attempting to authenticate with a device that has been factory reset after enrolling in Okta Verify.
- Attempting to authenticate using a new or different device other than the one that was previously enrolled.
- Stuck in an authentication loop where the web browser instructs users to consult the Okta Verify app but the app does not receive a push notification or display a one-time code.
- Approval of a push notification or submission of a one-time code do not result in successful authentication.
- Receiving an in-app verification code error.
Reset Okta Verify by one of the following:
- Sign in to Okta from your web browser and reset Okta Verify from your user settings before the device is reset or changed (see steps below on Reset Okta Verify from the end user dashboard)
- Contact an admin and request that they reset the Okta Verify account.
Reset Okta Verify from the end user dashboard:
- Sign in to the Okta end user dashboard.
- Click your Name > Settings.
- Scroll down to Extra Verification.
- Next to Okta Verify Mobile App, click Reset to open the reset prompt.
- The Set Up Okta Verify reset prompt appears. Click Yes to reset the enrolled Okta Verify account.
- The user must re-enter their password to proceed.
- Once the user is verified, they are redirected to the Okta sign in page where they can either authenticate with a different factor or sign out of the session.
To enroll their new device in Okta Verify, the user must sign in with another factor and select Okta Verify at the prompt or contact their org admin for further assistance.
- Okta Verify Overview
- Okta Verify for Admins
- Okta Verify Release Notes
- Okta Mobile
- Multifactor Authentication