How to set up Multi-Factor Authentication
This how-to describes how to set up Multi-Factor Authentication (MFA). All users have the option to "Turn on MFA" in the Multi-Factor Authentication (MFA) for Enhanced Account Security dropdown in the Personal Information section of their Okta Settings in the TWDB application portal. This is currently an "opt-in" feature and is not required; you may opt out of MFA by changing this setting to "Turn off MFA."
After opting in to MFA, you will be prompted for an additional authentication factor each time that you log in to the TWDB Application portal.
Opting in to MFA
- Log in to the TWDB Application Portal.
- Click your name at the top right to display a dropdown menu with the options: Settings, Preferences, Sign Out. Click Settings.
- Your account settings should display.
- Under the Personal Information section, the Multi-Factor Authentication (MFA) for Enhanced Account Security option is set to Turn off MFA by default for all users. If you choose to opt-in to the MFA to increase the security of your Okta account, update the dropdown to Turn on MFA and click Save.
- Under the Extra Verification section, you will see all available authentication factors.
- Click the Setup button for your preferred authentication factor and complete the setup process. The following factors are currently available:
- Once you have set up one or more authentication factors, you will have the option to select any of your factors to authenticate when prompted for MFA.
Setting up Extra Verification factors
In the Extra Verification section of your Okta Account, you will see available multi-factor options. You may choose to set up more than one factor; when you receive the MFA prompt, you will have the option to select from all the factors you've set up.
Okta Verify
Okta Verify is a mobile authentication app available for both Android and iOS. To use this factor, you will need to download the Okta Verify app to your personal cell phone or tablet.
- Under Extra Verification, click the Set up button for the Okta Verify factor.
- The Set up multifactor authentication window displays for the Okta Verify mobile app. Click the Setup button.
- The Setup Okta Verify window displays with the option to select your device type. Select either iPhone or Android.
- You will be prompted to download either the iOS or Android version of the mobile app from the appropriate online app store (Apple Store or Google Play). Download the app onto your mobile device before clicking Next.
- The Setup Okta Verify window will show a barcode. Open the Okta Verify app on your mobile device and tap Add New Account. The app should ask you to Choose Account Type. Select Organization. The app should give you the option to either sign in using your TWDB credentials or use your mobile device's camera to scan the barcode from the Setup Okta Verify window.
- After you have successfully scanned the barcode or signed in with your credentials, the mobile app should indicate Account Added, and the Okta webpage should refresh to show the Okta Verify factor now has a Remove button.
- When you are prompted for your Okta Verify factor, go to the Okta Verify app on your mobile device. You may authenticate via Push Notification or Authentication Code.
- If using Push Notification, click Send Push when you are prompted for your Okta Verify factor. An Okta Verify notification will appear on your mobile device. Swipe or tap the notification and tap Yes, It's Me to authenticate.
- If using Authentication Code, click Or enter code when you are prompted for your Okta Verify factor. In the Okta Verify app on your mobile device, you should see a six-digit code displayed for the Okta portal (the codes are generated per Okta portal, so you may have more than one code available). Enter the code and click Verify to authenticate. Note that the code expires every 30 seconds and is refreshed with a new code, so you may have to re-enter the code if it was not entered fast enough!
Google Authenticator
Google Authenticator is a mobile authentication app available for both Android and iOS. This mobile app generates a six-digit code that can be used to sign into Okta. To use this factor, you will need to download the Google Authenticator app to your personal cell phone or tablet.
- Under Extra Verification, click the Set up button for the Google Authenticator factor.
- The Set up multifactor authentication window displays for the Google Authenticator mobile app. Click the Setup button.
- The Setup Google Authenticator window displays with the option to select your device type. Select either iPhone or Android.
- You will be prompted to download either the iOS or Android version of the mobile app from the appropriate online app store (Apple Store or Google Play). Download the app onto your mobile device before clicking Next.
- The Setup Google Authenticator window will show a barcode. Open the Authenticator app on your mobile device and tap the + sign at the bottom right (or tap Get Started if this is your first account). The app should give you the option to either enter a setup key or use your mobile device's camera to scan the barcode from the Setup Google Authenticator window.
- If you cannot scan the barcode, click the Can't Scan? hyperlink below the barcode. A Secret Key should display for manual setup. Use the Enter a setup key option in your mobile app to enter your Account (TWDB email address) and Key (Secret Key). Then tap Add.
- After you have successfully scanned the barcode or used the secret key option, the mobile app should show a new account for the Okta portal with a six-digit code. The codes are generated per Okta portal or other account, so you may have more than one code available.
- From the Setup Google Authenticator window, click Next.
- You will then be prompted for your Google Authenticator code. Enter the six-digit code in the Enter Code field and click Verify. Note that the code expires every 30 seconds and is refreshed with a new code, so you may have to re-enter the code if it was not entered fast enough!
- The Okta webpage should refresh to show the Google Authenticator factor now has a Remove button.
- When prompted for the Google Authenticator factor, enter the six-digit code from the mobile app and click Verify.
SMS Authentication
SMS Authentication will allow you to authenticate using a code sent via text message to your personal cell phone. If you set up SMS Authentication, you will be prompted at sign-in to enter the code that was sent via SMS text. Please note that any cost associated with receiving text messages will be applicable, depending on your personal cellular or data plan.
- Under Extra Verification, click the Set up button for the SMS Authentication factor.
- The Set up multifactor authentication window displays for SMS Authentication. Click the Setup button.
- The window refreshes to show a dropdown menu with a list of countries and a phone number entry field. Select the appropriate country and enter your phone number without dashes or spaces. Click Send code.
- The window refreshes to indicate that the code was Sent. At the same time, your personal cell phone should receive the text message: "Your verification code is ######."
- Enter the six-digit code from the text message into the Enter Code field and click Verify.
- The Okta webpage should refresh to show the SMS Authentication factor now has a Remove button.
- When prompted for the SMS Authentication factor, click Send code to send the code via text message to your personal cell phone. Enter the six-digit code into the Enter Code field and click Verify to authenticate.
- If your cell phone number changes, click the Remove button for SMS Authentication to remove the current configuration and go through the setup process for your new phone number.
- When prompted for the Voice Call Authentication factor, click Call to initiate the phone call to receive your code. Enter the five-digit code into the Enter Code field and click Verify to authenticate.
- If your phone number changes, simply click the Remove button for Voice Call Authentication to remove the current configuration and go through the setup process for your new phone number.
Email Authentication
Email Authentication allows users to receive a one-time code sent from noreply@Okta.com to their primary Okta email address. For TWDB staff, the primary Okta email address will always be your TWDB email address.
- Under Extra Verification, click the Set up button for the Email Authentication factor.
- The Set up multifactor authentication window displays for Email Authentication. Click the Setup button.
- The window refreshes to display Set up Email Authentication. Click the Send me the code button to send a verification code to your primary email address.
- Within two minutes, you should receive an email entitled "Texas Water Development Board Application Portal - Confirm Your Email Address" in your TWDB Outlook inbox.
- Enter the 6-digit code from the email into the Verification code field and click Verify.
- The Okta webpage should refresh to show the Email Authentication factor now has a Remove button.
- When prompted for the Email Authentication factor, click Send me the code to send the email containing the code to your TWDB email address. Enter the six-digit code into the Enter Code field and click Verify to authenticate.