Manual Chapter: Enrolling Factors and Signing in with Okta MFA
Applies To: BIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 15.1.10, 15.1.9
Enrolling Factors and Signing in with Okta MFA
End-users can register a new device during the MFA enrollment after login
with primary authentication. Subsequent logins go straight to the option(s) configured
where the user is authenticated by Okta MFA using Push, TOTP, or Yubikey. When the user
enrolls with more than one factor, a drop-down list displays all the factors available
for selection. When the user enters a wrong OTP code, the agent follows the fallback
branch. Depending on the Lock out settings in the Okta console,
Okta locks the user out after unsuccessful attempts.

The first time you attempt to access (and are not yet enrolled), the system
presents a list of available factors. You can select only one factor here but can set up
an additional factor after successfully enrolling the first one.
Okta Verify: Allows you to scan a QR code and add an account or enroll your device using additional
factors without scanning a QR code. Push and TOTP variations of Okta Verify are displayed
as a single factor. You can enroll in Push a TOTP with a QR code, e-mail, or SMS. You
can enroll in TOTP by scanning a QR code or by entering a secret code in the Okta Verify
app and then activating the factor by providing a one-time password.

When the Push factor is enrolled, the system polls the Okta server
until you accept the push notification in the Okta Verify app. The Subroutine Timeout
in per-request policies limits the time you have to accept the push notification.

YubiKey: Allows you to use YubiKey to deliver a unique password each time it is activated. To
specify YubiKey for authentication, administrators upload the YubiKey Configuration file
generated through the YubiKey Personalization Tool. For details, refer to the Create a YubiKey Configuration File
section on the Okta website.
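
The Push polling described under Okta Verify, modeled as a bounded loop. This is an added example, not F5 or Okta code. The status strings follow the factorResult values of the Okta Factors API; the "successful" branch name, the `check_status` callable, the polling interval and the fail-closed handling are assumptions made for illustration.

```python
import time
from typing import Callable

PENDING = "WAITING"    # push sent, user has not answered yet
ACCEPTED = "SUCCESS"   # user approved the push in Okta Verify


def poll_push(check_status: Callable[[], str],
              subroutine_timeout: float,
              interval: float = 2.0,
              clock: Callable[[], float] = time.monotonic,
              sleep: Callable[[float], None] = time.sleep) -> str:
    """Return 'successful' only if the push is accepted before the deadline.

    check_status is a hypothetical stand-in for one poll of the Okta server.
    Rejection, expiry, an unknown status, or running out of time all end on
    the 'fallback' branch (fail closed).
    """
    deadline = clock() + subroutine_timeout
    while True:
        status = check_status()
        if status == ACCEPTED:
            return "successful"
        if status != PENDING:
            return "fallback"        # REJECTED, TIMEOUT, or unexpected value
        remaining = deadline - clock()
        if remaining <= 0:
            return "fallback"        # no answer within the Subroutine Timeout
        sleep(min(interval, remaining))


class FakeClock:
    """Constructed clock so the simulation runs instantly and offline."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds


def simulate(statuses, subroutine_timeout, interval=2.0):
    """Drive poll_push with a constructed sequence of poll results."""
    results, clk = iter(statuses), FakeClock()
    outcome = poll_push(lambda: next(results, PENDING),
                        subroutine_timeout, interval, clk.time, clk.sleep)
    return outcome, clk.now
```

An approval that arrives after the timeout is never read, so the session ends on the fallback branch even though the user eventually tapped Approve.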