Sign in to resources protected by Okta

When you access your organization’s Okta End-User Dashboard or apps protected by Okta, you must first sign in to your account to verify your identity. Your IT department configures the security methods that you can use to verify your identity.

Ways to sign in

Okta requires two-step verification to make sure that your account is secure and no one else can access your resources even if they steal your password. Based on the configurations made by your IT admin, Okta prompts you to verify your identity in different ways. The following security methods are examples of authentication methods that your organization can request use when you sign in to applications.

Get a code in a text message Okta sends a verification code to your phone in a text message.
Get a code by phone call Okta calls a phone number that you provide and tells you the verification code.
Get an email Okta sends you an email containing a magic link that, when clicked, signs you into the app. A one-time password (OTP) provides an alternate method to authenticate using email.
Use Okta Verify After you install and set up Okta Verify on your device, the app generates a code that you can use to sign in. If your admin enables this feature, Okta Verify sends a push notification to your phone. This push asks you to confirm that you're the one trying to access an app. In some organizations, if you have Okta Verify, you can sign in using biometrics instead of a password.

Set up your verification method

Depending on what your administrator has configured, you might be prompted to set up multifactor authentication or a security method. In both cases, you’re setting up ways to verify your identity.

Prompt to set up verification methods Prompt to set up a security method

To check what authentication methods are available to you, sign in to your Okta End-User Dashboard and go to Settings. Scroll down to Extra Verification or Security Methods to see what methods are already configured and which methods you still need to set up.

Use more than one security method to ensure that you can still sign in even if one method is compromised or not available.

Verification methods available in the Extra Verification section under Settings Security Methods on the Settings page of an end-user account

Change your verification method

From the Settings page, you can set up or remove security methods that your IT department assigned to you for sign-in verification.

Before you remove a security method, make sure that you still have others set up. If you remove all your security methods, you might not be able to sign in to your resources.

On the Settings page, click Edit Profile and set up new security methods, or remove existing ones.

In the following example, if you want to replace SMS authentication with Voice Call Authentication, first click Remove next to SMS Authentication. Then, click Set up to configure Voice Call Authentication.

How to change verification methods on the Settings page Security Methods section on the Settings page

Choose a verification method

Based on your organization’s configuration, you might be able to choose from multiple security methods when you sign in to your Okta End-User Dashboard or to an app protected by Okta. For example, if configured, click the arrow menu beside the SMS factor to see the security methods that are available to you.

Prompt to select an a verification method Okta security methods for signing in to resources

Sign in with an email magic link or one-time password

If your administrator has configured email as an authenticator, you can sign in to your app using the magic link or one-time password (OTP) sent to your email address.

  1. After entering your username in the Sign-In Widget for your Okta End-User Dashboard or your external application, Okta asks you to choose a verification method.
  2. Click Select beside the email authenticator.
  3. Okta sends an email to the address set in your profile. This email has a magic link that you can use to sign in to your application immediately and an OTP code.

The subsequent process for signing in to your app depends on whether you receive the email on the same device or browser, or if you receive it using a different device or browser.Chart describing the two options for EML and OTP authorization flow

Original browser or device

If you receive the verification email on the same browser or device, you have two ways to complete the sign-in process:

  • Click Sign In in the verification email. This magic link opens a new browser tab so you can complete the authentication process. The session ends in the original browser tab.
  • Copy the OTP code from the verification email and return to the original browser tab. Click Enter a verification code instead and enter the code into the text box. Then click Verify to sign in to your application or dashboard.

    Email authenticator sign in windowEmail authenticator sign in window after clicking the "Enter a code from the email instead" link

Different browser or device

If you receive the verification email on a different browser or device, you have two ways to complete the sign-in process:

  • Click Sign In in the verification email. This magic link opens a new browser tab with an OTP code. Copy the verification code from this page and return to your original browser tab. Click Enter a verification code instead and enter the code into the text box. Then click Verify to sign in to the application or dashboard.
  • Copy the OTP code from the email and return to the original browser tab. Click Enter a verification code instead and enter the code into the text box. Then click Verify to sign in to your application or dashboard.

If your administrator has configured other sign-on policies, you can be asked for your password as an extra verification step.

Troubleshooting

If you lose access to an application protected by Okta, contact your help desk administrator for assistance.

Related topics

Okta Verify