Chief Operating Officer Portfolio

Setting up Okta MFA

How do I complete my initial MFA setup with Okta?

When you’re invited to join the UQ Okta MFA system, you’ll receive a ‘Welcome to Okta’ email from UQ. This email includes a link to activate your Okta account and start the setup process.

The steps will differ slightly depending on whether you are using a UQ-managed device assigned to you (not shared) or a personal (unmanaged) device for your desktop or laptop to access UQ systems.

If you would like a Quick Reference Guide, click here.

If you are using an assigned, UQ-managed desktop or laptop:

  1. Open your ‘Welcome to Okta’ email.
  2. Click on the ‘Activate your Okta account’ button to begin setting up your account.
  3. Install Okta Verify on your mobile device or smartphone from the App Store (iOS) or Google Play (Android).
  4. Open the Okta Verify app and follow the instructions. ‘Scan the QR code’ shown on your computer when prompted. It will link your account and register your device. (Also see ‘What if I can’t scan the Okta QR code?’)
  5. Okta FastPass will now be enabled on your UQ-managed device, supporting passwordless login. FastPass uses your computer’s local security (e.g. passcode, fingerprint or face ID) for future logins.

Note: Even if you use FastPass on a UQ-managed device, it is recommended you keep Okta Verify installed on your mobile device or smartphone. You may need it again if you switch devices, access UQ systems from a personal computer or are asked to re-verify your identity for security reasons.

If you are using a personal (unmanaged) desktop or laptop:

  1. Open your ‘Welcome to Okta’ email.
  2. Click on the ‘Activate your Okta account’ button to begin setting up your account.
  3. Install Okta Verify on your mobile device or smartphone. You’ll need to install the Okta Verify app from the App Store (iOS) or Google Play (Android).
  4. Open the Okta Verify app and follow the instructions. ‘Scan the QR code’ shown on your computer when prompted. It will link your account and register your device. (Also see ‘What if I can’t scan the Okta QR code?’)
  5. You’ll use the Okta Verify app on your mobile device or smartphone to approve login requests when you sign in to UQ systems.
Top of page

What if I can’t scan the Okta QR code?

If you’re unable to scan the QR code during set up:

  1. Click on the ‘Can’t Scan?’ button underneath the QR code image.
  2. You’ll receive an email titled ‘Okta Verify Push registration’.
  3. Click on the ‘Activate your Okta account’ link in the email. The link in the email expires after a short time, so be sure to complete the activation promptly.
  4. This will open the Okta Verify app (if installed). If it’s not installed, you’ll be directed to download it first.
  5. When the app opens, follow the prompts to enable account activation. Tap ‘Done’ to complete the registration.
  6. Once activated, return to your browser to finalise any remaining steps.

If you would like a Quick Reference Guide, click here.

Top of page

How do I register a new phone or device for Okta MFA?

If you need to register a mobile device or smartphone, or have lost or can no longer access the mobile device or smartphone you originally registered for Okta, use one of the following options:

Add new device for Okta Verify MFA

  1. Go to your Okta Account Settings
  2. Select ‘Security methods’ from the left-hand menu
  3. Under the ‘Okta Verify’ section, select ‘+ Set up another’. This will allow you to register a new mobile device.
  4. Enter your UQ account password when prompted.
  5. After successful confirmation of your password you will see a ‘Set up security methods’ setup assistant.
  6. Select ‘Okta Verify -> Set up now’.
  7. Install Okta Verify on your new mobile device or smartphone from the App Store (iOS) or Google Play (Android).
  8. Open the Okta Verify app and follow the instructions. When prompted, scan the QR code shown on your computer. You have now successfully linked your account to your registered device.
  9. You will receive an email confirming you have successfully activated a new device.
  10. If there are any devices listed under ‘Security methods’ that you no longer use, select ‘Remove’ so that is can no longer be used to access your account.

If you would like a Quick Reference Guide, click here.

Top of page

Why am I receiving prompts for Duo when using remote access VPN?

During the Okta Pilot, certain applications like VPN will continue to use Duo as an Identity Provider and Multifactor Provider (see list below). For most other UQ platforms, Okta will handle multifactor authentication.

Applications that will continue to use Duo during the Pilot include:

  • Microsoft RDP (ITS, EAIT)
  • SSH (IMB, RCC-HPC, EAIT, ITS-RCC)
  • ITS IS PALO
Top of page

How do I set up MFA if my device is not compatible with Okta, or if I want to use another app during the Pilot?

If your device is not compatible with Okta, or you need to use an alternative app (such as Google Authenticator), please contact the IAM Project team and they can assist you with opting out of the Okta Pilot.

Top of page

How do I remove a phone or registered device from Okta Verify?

Go to your Okta Account Settings.

  1. Select ‘Security methods’ from the left-hand menu.
  2. Under the ‘Okta Verify’ section, click on the ‘Remove’ button beside the device you want to deregister.
  3. You will be prompted to confirm you want to continue with de-registration of Okta Verify for that device. Click on ‘Yes’.
  4. Okta Verify will send you a push notification to confirm that you are initiating the action. Click ‘Yes, it’s me’ and complete the prompts.
  5. You have now successfully removed your device from Okta Verify.
  6. You will receive an email confirming you have deactivated your device.
Top of page

How do I activate MFA for multiple accounts?

If you have both a student and staff account, you will need to set up Okta MFA for both accounts. You will receive a ‘Welcome to Okta’ email for each account (e.g. if you are both a staff and student at UQ, you will receive an email for each).

When setting up MFA on your second account, your browser will need to be logged in with the account that requires MFA activation. To ensure you are logged in with the correct account, use one of the following solutions:

  1. Open a private or incognito browsing window.
  2. Set up a separate profile in your web browser, by following these instructions Google Chrome or Microsoft Edge.
  3. Open a different web browser than you would normally use (e.g. Firefox, Chrome, Edge).
  4. Using the new browser window, follow the FAQ instructions ‘How do I complete my initial MFA setup with Okta?

Okta supports using the same phone number on multiple UQ accounts. Only one account will be shown in the Okta mobile app, when using the same phone number.

If you would like a Quick Reference Guide, click here.

Top of page

How do I set up Okta MFA with a YubiKey?

A YubiKey may be provided where there is an accessibility or mobility-related requirement. Please contact the IAM Project team to discuss your options and instructions for setup.

Top of page

How do I generate a temporary bypass code for MFA?

Self-service temporary bypass codes are not available for the Pilot. They will be introduced during the full Okta rollout in 2026. If you require a temporary bypass code, please contact the IAM Project team.

Top of page

Contact

 

Support

 

Quick Links

 Lost or damaged devices

 About Okta MFA