This FAQ (Frequently Asked Questions) page is broken into two sections, Getting Started with Okta, and Using Okta. Click on the questions below, and you'll be taken to the answer.
Getting Started with Okta:
- What is Okta?
- Does this affect me?
- What is my Okta password?
- What is the Okta Verify app?
- How do I get the Okta Verify App?
- How do I set up the Okta Verify app once it is installed?
- Do I have to use the Okta Verify App?
- How does this change how I work on a daily basis?
- Do I still need to re-authenticate every 6 days?
- Does this make using the computer even more complex?
- Can I have Okta authenticate me with an automated voice call as we did with the Microsoft Authenticator?
- Should I have more than one MFA factor?
- (For Police only) How do I activate my Yubikey?
- What is a secondary email used for?
Using Okta:
- What’s the address for the Okta dashboard?
- I received an Okta Verify alert on my phone. What is it?
- My account is locked out, how do I unlock it?
- How do I change my password?
- When I set up my account I just enabled SMS, and now I want to use Okta Verify, how do I do this?
- I have a new phone or tablet, and Okta Verify isn’t working. How do I fix this?
- I can’t find the application that I’m using (e.g. Cartegraph, ActiveNet, Kronos…). Will I be able to use it?
- I received an email for a new sign-on detected for my account. Why did I get it and what should I do?
Getting Started with Okta
What is Okta?
Okta is our new “identity and access management” provider used for Multi-Factor Authentication (MFA). Okta is an on-demand service that allows you to easily sign in to supported applications through a single login. What this means is that the Okta service will be used to authenticate you for many computer-based services the city uses. Once you sign in, your Okta dashboard displays all your applications in one location. Simply click the application's corresponding icon and each application opens in a new browser window or tab and you are automatically logged-in. Watch this short video to learn more: https://www.okta.com/intro-to-okta/
Does this affect me?
Yes! If you use Office 365, Kronos, KnowBe4, FreshService, NetMotion, GlobalProtect VPN, or the Password Reset Portal then you will use OKTA.
What is my Okta password?
Your Okta password is the same password you use to log in to the computer and to Office 365.
What is the Okta Verify app?
Okta Verify is similar to the Microsoft Authenticator app you have been using for Office 365. It’s a secure method of verifying your identity.
How do I get the Okta Verify app?
Use the QR code below to download the app.
|
|||
Android |
|
Apple |
Alternatively, you can also use the following links:
Okta Verify for Android | Okta Verify for Apple
How do I set up the Okta Verify app once it is installed?
If you're still logging into Okta for the first time, you'll click the Set up button for Okta Verify.
If you're already logged in to the dashboard, click your name in the upper-right, and choose Settings. Scroll down and click the Set up button next to Okta Verify.
Follow the on-screen instructions. Be sure to allow your phone to use the camera when prompted so that it can scan the QR code. You'll also want to enable notifications, so you can be prompted by Okta Verify whenever you log in. Here is an Okta YouTube video about setting up a new device. The following Okta links may also be helpful:
Set up Okta Verify on Android devices
Set up Okta Verify on iOS devices
Do I have to use the Okta Verify app?
Currently, you’re not required to use the Okta Verify app, but it is highly recommended. You can use either the Okta Verify app, or get a SMS (text) message. This may change in the future, as SMS messages are not secure.
How does this change how I work on a daily basis?
For most people, it just means that you’ll be using the Okta Verify app instead of Microsoft Authenticator.
Do I still need to re-authenticate every 6 days?
Yes, the re-authentication interval will stay the same.
Does this make using the computer even more complex?
The exact opposite, actually! It simplifies several things.
Before:
Login to Office 365 -> |
Use Microsoft Authenticator |
Reset Password/Unlock Account -> |
Use Password Reset Portal |
Login to NetMotion -> |
Use Duo Mobile |
Login to GlobalProtect VPN -> |
Use Duo Mobile |
After:
Login to Office 365 -> |
Okta |
Reset Password/Unlock Account -> |
Okta |
Login to NetMotion -> |
Okta |
Login to GlobalProtect VPN -> |
Okta |
Can I have Okta authenticate me with an automated voice call as we did with the Microsoft Authenticator?
No, this method of authentication is not available with Okta, sorry!
Should I have more than one MFA factor?
Yes, it’s always best to have multiple options. At a minimum, it’s recommended that you use Okta Verify and SMS as a backup. That way, if you get a new phone (see next question) you can still use SMS to sign in. You can then set Okta Verify up on the new phone.
(For Police only): How do I activate my Yubikey?
If you have not yet registered with Okta, you can activate it as part of the registration process. Click the Set up button in the Yubikey Authenticator section, plug the Yubikey in, and then tap the Yubikey when prompted (see below).
If you have already registered with Okta, log in to the Dashboard, click your name in the upper-right corner, and choose Settings. Scroll down and click Set up next to Yubikey Authenticator, and follow the instructions shown, tapping the Yubikey when prompted.
What is a secondary email used for?
During enrollment you will be asked to provide an optional secondary email address. You can also add or change it later through your account settings in the Okta dashboard. The secondary email address can be used for account recovery if you are locked out of your City account. If you add a secondary email address, it should be an account you can access if your City account is inaccessible. Do NOT use your City provided email address since that is the account you are trying to unlock. When you provide a secondary email address Okta will send a "Confirm email address change" verification email to that address. You MUST use the link in the verification email to activate it for use in account recovery.
Using Okta
What’s the address for the Okta dashboard?
https://worthington.Okta.com This is where you can login to access the various services that are authenticated through Okta. You can also access the dashboard from the Okta Verify app by tapping on Launch Dashboard. For more information, please visit Okta End-User Dashboard Overview.
This is a sample end user dashboard with direct links to apps.
I received an Okta Verify alert on my phone. What is it?
If you receive an Okta Verify alert on your phone similar to the image below (from an Android device), that means someone is trying to log into your City account. You can click the "Down arrow" to view more details. Please review the details carefully. If you initiated the login, then you may click "Yes, It's Me" to authenticate the session. If you do not recognize the login attempt, click "No, It's Not Me" to deny the session. Please report all suspicious activity by creating a helpdesk ticket.
My account is locked out, how do I unlock it?
From the dashboard (https://worthington.okta.com) underneath the blue “NEXT” button, you’ll select Unlock Account? link, and enter your city email address. Depending on what recovery methods you have set up, you may be able to have it send you an email to a secondary email account, get a push notification in Okta Verify, or have it text you a code.
How do I change my password?
If you’re already logged in to the Okta dashboard, click your name in the upper-right corner and choose Settings. Under Change Password, you’ll enter your current password, your new password, and the confirm your new password by entering it again, and then clicking the Change Password button.
If you cannot remember your password, go to the Okta dashboard and on the first logon window enter your email address and click Next button. On the 2nd window click the Forgot password? link. Then select the desired security notification method. Once you accept the security prompt, you will be taken to a window to reset your password.
When I set up my account I just enabled SMS, and now I want to use Okta Verify, how do I do this?
Login to the Okta Dashboard, click your name in the upper-right corner, and choose Settings. Under Security Methods, you’ll click on the Set up button next to the method you want to enable, and follow the instructions. Please refer to the above section for help: How do I set up the Okta Verify app once it is installed?
I have a new phone or tablet, and Okta Verify isn’t working. How do I fix this?
For security purposes, Okta verify is tied to the hardware of the phone. You’ll need to add your new device in Okta. First, login to the Okta dashboard with an alternative method. Click your name in the upper-right corner, and choose Settings. Under Security Methods, find the name of your old phone/tablet and click Remove. Then, click Set up (or Set up another, if you have more than one device with Okta verify), and follow the instructions. Please refer to the above section for help: How do I set up the Okta Verify app once it is installed?
I can’t find the application that I’m using (e.g. Cartegraph, ActiveNet, Kronos…). Will I be able to use it?
If the application is currently integrated with Office 365 authentication, we will move the integration to Okta. Nothing will change for those applications that aren’t listed on the roll out. You will keep using your current MFA methods. Until we have moved the linked application authentication from Office 365 to Okta, you may be asked to authenticate twice – once for O365 and then again for Okta.
This is a first phase to enroll our main applications, but there will be an ongoing effort to add as many applications as possible to Okta. We will announce these in advance and no action will be necessary on your part.
The following apps currently do NOT support integration with Okta:
- ActiveNet
- Humanity
I received an email for a new sign-on detected for my account. Why did I get it and what should I do?
Okta will send you an email every time it detects a sign-on from a new device or a new location. This is a security measure to help prevent malicious actors from performing undesired activities using your account. When you receive these emails, please review the information in them carefully. Please note that Okta uses the IP address of the logon device to determine its registered location. It is not the device's GPS location and may not be accurate. If you do not recognize the details as something you approved, please click the "Report Suspicious Activity" button in the email to submit a ticket to the HelpDesk.
You can also click your username in the top right corner of the dashboard, then select "Recent Activity" to view Okta authentication activity on your account. If you see suspicious activity here, you can click the "Report" link to submit a helpdesk ticket.