Sign in to resources protected by Okta

When you access your organization’s Okta End-User Dashboard or apps protected by Okta, you must first sign in to your account to verify your identity. Your IT department configures the security methods you can use to verify your identity.

Ways to sign in

To ensure that your account is secure and nobody else can access your resources even if your password is stolen, two-step verification is required. Based on the configurations made by your IT admin, you might be prompted to verify your identity in different ways. The following security methods are examples of what your organization might prompt you to use when signing in to apps.

Get a code in a text message Okta sends a verification code to your phone in a text message.
Get a code by phone call Okta calls a phone number that you provide and tells you the verification code.
Get an email Okta sends you an email containing a magic link that, when clicked, signs you into the app. A one-time password (OTP) provides an alternate method to authenticate using email.
Use Okta Verify After you install and set up the app on your device, the app generates a code that you can use to sign in. If your admin enables this feature, Okta Verify can send a push notification to your phone asking you to confirm that you're the one trying to access an app. In some organizations, if you have Okta Verify, you can sign in with biometrics without using a password.

Set up your verification method

Depending on what your administrator has configured, you might be prompted to set up multifactor authentication or a security method. In both cases, you’re setting up ways to verify your identity.

Prompt to set up verification methods Prompt to set up a security method

To check what authentication methods are available to you, sign in to your Okta End-User Dashboard and go to Settings. Scroll down to Extra Verification or Security Methods to see what you can set up and which methods are already configured.

Set up more than one security method to ensure that you can still sign in even if one method is compromised or not available.

Verification methods available in the Extra Verification section under Settings Security Methods on the Settings page of an end-user account

Change your verification method

From the Settings page, you can set up or remove security sign-in methods that were assigned to you by your IT department.

Before you remove a security method, make sure that you still have others set up. If you remove all your security methods, you might not be able to sign in to your resources.

On the Settings page, click Edit Profile and set up new security methods, or remove existing ones.

In the following example, if you want to replace SMS authentication with Voice Call Authentication, first click Remove next to SMS Authentication. Then, click Set up to configure voice call authentication.

How to change verification methods on the Settings page Security Methods section on the Settings page

Choose a verification method

Based on your organization’s configuration, you might be able to choose from multiple security methods when you sign in to your Okta End-User Dashboard or to an app protected by Okta. For example, if configured, click the arrow menu beside the SMS factor to see the security methods that are available to you.

Prompt to select an a verification method Okta security methods for signing in to resources

Sign in using an email magic link or one-time password

If your administrator has configured email as an authenticator, use the following process to sign in to your app using the magic link sent to your email address.

  1. After entering your username in the Sign-In Widget for your Okta End-User Dashboard or your external application, Okta asks you to choose a verification method.
  2. Click Select beside the email authenticator.
  3. Okta sends an email to the address set in your profile. This email has a magic link that you can click to be signed in to your application immediately, as well as a one-time password (OTP).

The subsequent process for signing in to your app depends on whether you receive the magic link email on the same device or browser or if you receive the magic link email using a different device or browser.

If you use the same device or browser, you have two methods to complete the sign-in process:

  • Click Sign In in the email. This magic link opens a new browser tab so you can complete the authentication process. The original browser tab session is closed.
  • Copy the OTP code from the email and return to the original browser tab. Click Enter a code from the email instead and enter the code into the text box. Then click Verify to sign in to your application or dashboard.

Email authenticator sign in windowEmail authenticator sign in window after clicking the "Enter a code from the email instead" link

If you receive the email on a different device or browser, you have two methods to complete the sign-in process:

  • Click Sign In in the email. This magic link opens a new browser tab with an OTP code. Copy the verification code from this screen and return to your original browser tab. Click Enter a code from the email instead and enter the code into the text box. Then click Verify to sign in to the application or dashboard.
  • Copy the OTP code from the email and return to the original browser tab. Click Enter a code from the email instead and enter the code into the text box. Then click Verify to sign in to your application or dashboard.

If your administrator has configured additional sign-on policies, you may be asked for your password as an additional verification step.

Troubleshooting

If you lose access to an Okta-protected app, contact your help desk admin for troubleshooting.

Related topics

Okta Verify