Okta is a new ISU application for handling identity management and security. In addition to providing single sign-on to ISU web applications beginning on March 1st, Okta can add Multi-factor authentication protection to your Net-ID.
What is Multi-factor Authentication?
Currently your Net-ID has a single form of authentication--your password. If someone guesses your password or your account is compromised via phishing or malware, your stored information is exposed. Multi-factor authentication protects your account with a second type of verification so that even if someone has your password, they will still be unable to log into your account. You will often hear multi-factor authentication referred to as something you know (your password) and something you have (phone, text message, etc).
With multi-factor authentication, when you log in, you'll not only type your password but you'll be asked to verify your access via an app on your phone or to type in a unique code.
Currently, multi-factor authentication is optional with Okta. However, it is strongly recommended and will eventually be required.
To activate Multi-factor authentication in Okta
- Go to login.iastate.edu
- Log in with your Net-ID and password*
- On the Okta dashboard, click on the tile "Activate Multi-factor Authentication"
- Scroll to the bottom of the page and click on the "Activate" button.
- You will be prompted to login again.
- Select the multifactor authentication that you would like for your account. You can choose from:
- Okta Verify Mobile App
- Google Authenticator Mobile App
- Text Message Code
- Voice Call
To enable, click on Setup for the specific type of verification you want to enable and follow the instructions (if the button says Reset rather than Setup, it means that verification method is already enabled). You can set up more than one type of multi-factor authentication. We recommend that you set up at least two (you will only use one at a time) for flexibility.
*If this is your first time logging in you may be asked to provide a secondary e-mail address or a phone number. This is for self-service password resets and can be skipped and entered later.