SMS authentication (MFA)

End users sign in to their org and authenticate by entering a security token that is sent to their mobile device. By design, enabling SMS MFA factor authentication requires that end users receive an SMS text message on their mobile devices. When this factor is enabled by an admin, end users will receive an SMS text message with an authentication code when they sign in to Okta, even if they have sent an SMS opt out request on their device. If SMS messaging is of concern to your users, you may enable another factor of your choice as an alternative.



The sender ID or phone number that appears for end users may change from one sign-in to another. This allows Okta to maintain service reliability and delivery.

If your org uses a single phone number to authenticate multiple end users:

  • All users will enroll in this factor with the same phone number.
  • Due to a high level of user activity, the number may be blocked. If this occurs, contact Okta Support immediately to confirm that the number is trusted by your org.

Configure SMS authentication

The first time users sign into their orgs after you configure this factor, they see the Extra verification is required for your account page and must perform the following steps:

  1. Click the Setup button beside Text Message Code.
  2. Enter the mobile phone number where you want your security tokens sent.
  3. Enter the security token that was sent to your phone.

To reset and configure your settings if you lose your phone or get a new phone number, select the Account tab on your homepage and then click the Setup button in the Extra Verification section.

If you are configuring a user who already has a mobile telephone number verified in Okta, the following message appears.