The Okta Verify number challenge is a security feature that prompts you to enter a randomly generated number to verify your device as you sign into a JMU service. You may have received this process when:
- Receiving a Push Notification from Okta Verify
- Having a number appear in the sign-in instructions, prompting you to confirm the number on your Okta Verify App
- Once opening the Okta App on the correct device, a set of three distinct numbers are displayed
- After selecting the correct number that matches the one in the sign-in instructions, you are successfully authenticated
The number challenge helps prevent phishing by ensuring that you have both Okta Verify and the device you are using to sign in. While this challenge is uncommon, it is based on Okta's Risk Scoring. Risk Scoring uses a data-driven risk engine to determine whether a sign-in event is likely to represent malicious activity. Okta assigns a risk level to each sign-in attempt by evaluating information such as:
- The IP address used to make the sign-in request
- Behavioral information about a user who made the sign-in request
- Previous successful and failed sign-in attempts
- Routing information associated with the request
Behavior Detection enables JMU IT to configure policies to track specific behavior and define an action to take if there's a change in the tracked behavior for an end user. For example, if someone is trying to authenticate from an IP, never used before by this specific user. This feature provides administrators with the flexibility to determine which behaviors they would like to add to a policy.