NIH | National Cancer Institute | NCI Wiki  

Error rendering macro 'rw-search'

null

Versions Compared

Old Version 5

changes.mady.by.user Freund, Jeremy (NIH/NCI) [C]

Saved on

compared with

New Version 6

changes.mady.by.user Freund, Jeremy (NIH/NCI) [C]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Okta Setup for New User Accounts

What is OKTA?

Okta is the multifactor authentication service provider for our applications. Multifactor authentication is used to provide additional security beyond just entering a username and password: authentication is accomplished by either responding to an alert on a cell phone, pressing a key in answer to a recorded phone call, or entering a code received via text message or phone call.

Even if you already use Okta for other programs, you will still need to set up Okta for your new account the first time you log in. Every user has an Okta profile that facilitates the authentication of the user into their accounts on the applications. Previously, the login process for NIH internal users displayed only the iTrust login screens, without the option to login using the Okta profile username and password.

Important Note:

To prevent any problems during the login process please make sure that you disable your browser popup blocker that may be preventing the application from opening the login page. After doing so, please refresh the application page.

For the latest instructions on disabling your browser popup blocker, please follow the links below:

Chrome: How to change popup blocker settings in Chrome

Firefox: How to change popup blocker settings in Firefox

Safari: How to change popup blocker settings in Safari

The links above are subject to change based on the latest browser versions. If you continue to experience problems with your browser popup blocker, please contact your IT support department. Alternatively you can also reach out to our application support team(s) as follows:

Adult Matchbox: matchbox-support@nih.gov
Pediatric Matchbox: ped-match-support@nih.gov

STRAP: ctrp_support@nih.gov

CTRP: ctrp_support@nih.gov

DLAP: dlap_support@mail.nih.gov

CSMS: csms-support@nih.gov


First-Time Login Steps - NIH Users

Note: For NIH users (anyone with an email that ends in NIH). Okta can utilize iTrust for authentication, so you do not need to set up authentication through Okta Verify. However, you can choose to do so as an alternative login.

To access a new account with Okta authentication:

  1. Go to the Login URL for the application and click on the applicable button on the application’s login screen. For most applications, it is a blue button that reads “Acknowledge and Continue”.
  2. Click on the ‘Login With iTrust’ button.
  3. You will see the iTrust screen. Use your PIV card or enter your NIH USERNAME and NIH PASSWORD. This will log you into the system.




Image Modified

First-Time Login Steps - Non-NIH Users

To access a new account with Okta authentication:

  1. Go to the Login URL for the application and click on the applicable button on the application’s login screen. For most applications, it is a blue button that reads “Acknowledge and Continue”. 
  2. This will go to the page for the authorization provider, Okta. Please click on the link ‘Need help signing in?’ located just below the blue ‘Next’ button.
  3. Please click on the link ‘Reset OKTA Password’.
  4. Enter your email address, then click on the blue ‘Reset via Email’ button.
  5. You will receive an email from Okta with a link to change your password. Please click on the link and follow the steps. The screen will instruct you regarding password requirements.
  6. Once you have set your password, you will finish at the Okta dashboard. Please click on the drop-down arrow next to your name (located in the blue navigation bar at the top of the screen next to the person icon), then click on ‘Sign out’ link.

Image Removed

  1. Click on the button on the application’s Login page again, enter your username, and click ‘Next’. You may also click the “Remember me” button if you choose. This will store and pre-populate you username the next time you log in. Click ‘Next’.
  2. Most users will see a popup balloon indicating a first time login using Okta. Enter your new password.
  3. Okta “Set up multifactor authentication” window. There are 3 choices, each with a ‘Setup’ button directly under the description of the method:
    • Okta Verify - “Use a push notification sent to the mobile app.”
    • SMS Authentication - “Enter a single-use code sent to your mobile phone.”
    • Voice Call Authentication - “Use a phone to authenticate by following voice instructions.”
  4. Choose the method you would like to use by clicking the ‘Setup’ button directly under your choice. 
  5. The following sections of this document define the steps needed for each of the different methods. Please see the section that correlates to your authentication choice and return to this point in the document. ** Note: You may choose more than one of the above authentication options. Please see the section entitled “Two Factor Option: Multiple Methods”.
  6. Once you have completed the setup for your chosen authentication method(s), click on the ‘Finish’ button. 
  7. The next time you login, you will also see a security image above the username textbox once you have entered your username. It is randomly selected when your account is activated but should be the same every time you enter your username. (If you see an unfamiliar image, do not enter your password. Please contact our support desk for help.)


Image Added

Image Added

Image Added

Two Factor Option: Okta Verify

  1. Clicking on this choice brings up the “Setup Okta Verify” window. In this window, “Select your device type” by clicking the brand icon for your mobile phone. The window will expand at the bottom to display instructions to “Install Okta Verify”. 
  2. Okta Verify is a mobile app that needs to be downloaded to your cell phone. The window contains a link to your cell phone brand’s app store page for Okta Verify. This will allow you to easily identify Okta Verify in your app store so that you can download it to your cell phone. 
  3. When you have downloaded the app, click on the blue “Next” button on your computer and tap on the “Add Account” button in your cell phone app. (If asked, allow the app to access your cell phone camera and allow it to send push notifications). 
  4. The Okta app will open a camera screen, and your computer screen will display a QR code (square-shaped barcode). 
  5. Point your cell phone towards your computer screen and align the cell phone camera display with the square of the QR code. 
  6. The Okta Verify app will scan the QR code and connect your cell phone to your Okta account. You will see a new entry in the connections list in your cell phone app.
  7. On your computer, you will be directed back to the “Setup Multifactor Authentication” screen.
  8. While initially you will be logged into your account from these steps, the next time you log into your account, you will be using a “push” to authenticate. Please take note of the following steps, then return to Step 10 in “First-Time Login Steps”:
  • When you enter your username and password, you will see a window for Okta Verify with a button to “Send Push”. Click on this button and a “push” pop-up alert will be sent to the app on your mobile phone asking you to approve the connection. 
  • Tap on the “Approve” button to authenticate. 
  • Following the authentication, the application will load.
  • The next time you log in to the application, an Okta Verify window will appear asking whether to send a push to the phone number on record. 
  • Click to proceed with the push, then tap on “Approve” in the popup alert from the Okta Verify app.


Image Added

Image Added

Two-Factor Option: SMS Authentication

  1. Clicking on this choice brings up a window that allows the user to set up their account to “Receive a code via SMS to authenticate”. 
  2. Use the dropdown picklist to choose the country of your location (United States is selected by default). The choice of country automatically populates the appropriate country code prefix for the Phone number text box. 
  3. Enter the phone number of the mobile phone that you would like to use and then click on the blue ‘Send code’ button. (If you would like to go back and choose a different authentication method, click on the text “Back to factor list” located in the bottom left-hand corner of the center window.)
  4. Then, a text message with a code will be sent to the phone number listed, and you will see a text box on the screen. 
  5. Enter the code in the textbox and submit it. The application will load.
  6. The next time you log in to the application, an SMS Authentication window will appear asking to approve the sending of a text message to the number entered (most of the number will be masked, with the exception of the last 4 digits). 
  7. Check your cell phone for the text message, then enter the code received on your phone into the textbox on the screen. Return to Step 10 in “First-Time Login Steps”.




Image Added

Two Factor Option: Voice Call Authentication

  1. Clicking on this choice brings up a window that allows the user to set up their account to “Follow phone call instructions to authenticate”. 
  2. Use the dropdown picklist to choose the country of your location (United States is selected by default). The choice of country automatically populates the appropriate country code prefix for the Phone number text box. 
  3. Enter the phone number of the mobile phone that you would like to use, and fill in your extension in the “Extension” textbox if applicable. 
  4. Next, click on the blue ‘Call’ button. (If you would like to go back and choose a different authentication method, click on the text “Back to factor list” located in the bottom left-hand corner of the center window.) 
  5. Then, a phone call will be initiated to the phone number with a recorded message. Follow the instructions on the message, then hang up.
  6. Following the authentication, the application will load.
  7. The next time you log in to the application, a Voice Call window will appear asking to approve a phone call to the number entered (most of the number will be masked, with the exception of the last 4 digits). 
  8. Click to approve the phone call, then answer the phone call and follow the instructions. Return to Step 10 in “First-Time Login Steps”.



Image Added

Image Removed