HITS - Okta Verify Multi-Factor Authentication


Overview

Multi-Factor Authentication: Getting started

Introduction

What is Okta Verify

Table of Contents
University of Michigan and Michigan Medicine use Okta Verify for multi-factor authentication (MFA) to protect U-M systems, data, and your personal information. MFA services confirm your identity after you enter your password, using push notifications, biometrics, or a phone call on a mobile app, landline, or a hardware token. Do not approve any MFA notification you did not request. 

Okta Verify Account Management: Log in to manage your U-M Okta account

 

person with checkmarkEligibility

Who uses MFA?

All U-M and Michigan Medicine faculty, staff, and students are required to use multi-factor authentication to access institutional systems and data. 

 

Device Compatibility:

MFA works with smartphones, tablets, hardware tokens, and landlines. Most modern devices are supported.

 

cloud with key Installation or Access Instructions

 

Enroll in Multi-Factor Authentication (Okta Verify)

 

  1. Go to oktaverify.umich.edu on your computer.
  2. Scan the applicable QR code and install the Okta Verify app on your mobile device. Alternatively, open the app store on your mobile device, search for Okta Verify, and install the app.
  3. Click Enroll your UMICH account on your computer.
  4. Log in with your uniqname and UMICH password and complete Duo multi-factor authentication.
  5. Choose from the available options: Scan the QR code with your mobile device, or click the option to get the link by SMS. Continue with the applicable steps below.
    QR Code
  1. After scanning the QR code, tap Get Started on your mobile device.
  2. If installed on your device, Okta will ask if you want to enable biometrics such as face or fingerprint ID. If desired, tap Enable. Otherwise, tap Not Now.
  3. Continue following the prompts until you have successfully enrolled.

Reference: KB0031073 

 

Using Multi-Factor Authentication (Okta Verify)

 

  1. When logging in to Michigan Medicine systems, enter your uniqname and UMICH password.
  2. When prompted by Okta Verify for identity confirmation, choose one of the following:
    • Mobile App: Select the number in your mobile that matches the number presented on the login page. 
    • Hardware Token: Enter the code generated by your token.
  3. If you receive a MFA prompt you did not initiate, deny the request and change your password immediately. Log in to manage your U-M Okta account
 
 

 

thumbs up with plus signBenefits

Multi-Factor Benefits
Feature Description
Account Security Protects your UMICH account even if your password is stolen or guessed.
Multiple Authentication Methods Use a mobile app, phone call, or hardware token for identity confirmation.
Immediate Alerts Get notified instantly if someone tries to access your account.
Compliance Meets Michigan Medicine’s security and privacy requirements for sensitive data and systems.
Self-Service Management Easily enroll, manage, or update your account or devices through the User Profile page.

booksAdditional Resources

speech bubble with question FAQs

 

Q: What should I do if I get an MFA prompt I didn’t request? 

 

A: Deny the request (select 'Cancel the Sign-In Attempt'), change your Michigan Medicine password right away, and report the incident to the Service Desk at 734-936-8000.

 

Q: Can I use more than one device for MFA?

 

A: Yes! You can register multiple devices (e.g., phone and tablet) for backup.

  

Q: How do I update or change my authentication method?

 

A: Visit the self-service portal to manage your devices or contact the IT Help Center for help.

 

Q: What services require Okta Verify?

 

This list is extensive and includes (but is not limited to):

  • Wolverine Access (and several other campus services)
  • VPN (Cisco AnyConnect)
  • Microsoft 365 (Outlook, Office Apps, Teams, SharePoint) 
  • Intune

 

Q: When I sign into the VPN, it sits for a long time and the login fails. 

 

A: The VPN is waiting for you to accept the Okta push it sent to your primary Okta device. After a period of time it will time out and that's what causes the login failed message to appear.

 

Q: Is there a difference between Okta for EPCS and a standard Okta account?

 

A: Yes. EPCS is used by providers to prescribe controlled substances (it stands for Electronic Prescribing for Controlled Substances). The account used for EPCS is separate than the standard account you use for normal MFA. For assistance enrolling in Okta for EPCS, contact your unit/departments local EPCS Liaison. EPCS Liaison information is available on SharePoint.

 

Q: Can I use Okta without using a mobile device or phone call? 

 

A: For those who cannot use the Okta Verify mobile app or landline options, Okta Hardware Tokens provide an alternative method for two-factor authentication. The Okta Hardware Token is a standalone hardware device that generates a passcode as needed for U-M systems and resources. Hardware token purchases are funded by Information and Technology Services (ITS). These are available by request through the Tech Shop or via HITS Help Me Now locations.

 

 

Q: What if I lose my device or token?

 

A: Contact the IT Help Center for assistance with resetting your MFA settings. Visit Enroll Okta Hardware Token for steps to acquire and configure a new token. 

 

 

If you have any questions or need help with MFA, please contact the IT Help Center. We’re here to keep your account secure!