Overview
Learn why Okta sometimes presents a number when going through the verification process.
Environment
Okta Verify mobile app, Okta SSO sign-in screen
Troubleshooting/Resolution
The Okta Verify number challenge is a security feature that prompts you to enter a randomly generated number to verify your device as you sign into a JMU service. The way it works is simple.
- You will receive a Push Notification from Okta Verify
- A number will appear on the sign-in screen, prompting you to "confirm the number on your Okta Verify App"
- Once opening the Okta App on your mobile device a set of three distinct numbers are displayed
- After selecting the correct number that matches the one on the sign-in screen, you are successfully authenticated
The number challenge helps prevent phishing by ensuring that you have both Okta Verify and the device you are using to sign in. While this challenge is uncommon, it is based on Okta's Risk Scoring. Risk Scoring uses a data-driven risk engine to determine whether a sign-in event is likely to represent malicious activity. Okta assigns a risk level to each sign-in attempt by evaluating information such as:
- The IP address used to make the sign-in request
- Behavioral information about a user who made the sign-in request
- Previous successful and failed sign-in attempts
- Routing information associated with the request
Behavior Detection enables JMU IT to configure policies to track specific behavior and define an action to take if there is a change in the tracked behavior for an end user. For example, if someone is trying to authenticate from an IP, never used before by this specific user. This feature provides administrators with the flexibility to determine which behaviors they would like to add to a policy.
Additional Information or Notes
For additional questions you can contact the IT Help Desk at 540-568-3555 or at helpdesk@jmu.edu.