NIH | National Cancer Institute | NCI Wiki  

Note: For NIH users (anyone with an e-mail address that ends in "@mail.nih.gov"), Okta has been directly connected to iTrust. You will not need to follow all the steps below. Once you have entered your email address on the CTRP STRAP log-in screen, you will be directed to iTrust for authentication and redirected to the site once completed.

Multiple Factor Authentication Support

Okta has the same options for multifactor authentication as DUO, but you will need to set it up the first time you log in to CTRP STRAP.

First-Time Login and Set-up Steps

Upon initial login to CTRP STRAP, you will be required to answer a few security-related questions for identification verification purposes. A detailed description of the necessary steps is below.

For existing CTRP STRAP users, the change in authentication service will have minor impact, as your username and password remain the same.

To access CTRP STRAP after the Okta transition:

  1. Click on the Acknowledge and Continue button on the login screen.

  2. You will be taken to the Sign In screen. Please note that your username and password for CTRP STRAP remain the same.

  3. Enter your email address. Then click the blue “Next” button. Note: If you are an NIH user, this will send you to iTrust. Follow that authentication to gain access to CTRP STRAP.
  4. For non-NIH users, you will see a pop-up balloon indicating that you have not logged in with Okta before. (“This is the first time you are connecting to bioappdev.okta.com from this browser”.) Enter your password (same as previously used with Auth0/DUO) and click the blue “Sign In” button.

  5. The Okta “Set up multifactor authentication” window appears next. There are 3 choices, each with a ‘Setup’ button directly under the description of the method:

    ● Okta Verify - "Use a push notification sent to the mobile app."

    ● SMS Authentication - "Enter a single-use code sent to your mobile phone."

    ● Voice Call Authentication - "Use a phone to authenticate by following voice instructions."

  6. Choose the method you would like to use by clicking the ‘Setup’ button directly under your choice.
  7. The following sections of this document define the steps needed for each of the different methods. Please see the section that correlates to your authentication choice. Note: You may choose more than one authentication method. For example, this provides you the opportunity to connect your account with your cell phone (Okta Verify app) and your office phone (Voice Call Authentication), even if they are two different numbers. Please see the section entitled “Two Factor Option: Multiple Methods”.
  8. Once you have completed the setup for your chosen authentication method, click on the ‘Finish’ button.
  9. Next, you will see a window asking you to choose a forgot password question. Please choose a question and enter your answer. This will only be used to verify your identity prior to starting the recover password process, if necessary.

  10. Once you have completed the forgot password entry, you will be logged in to the application.
  11. The next time you click on the Acknowledge and Continue button of CTRP STRAP, you will see the initial login screen again asking for your username. Once you enter your username and click “Next”, you will see a security image above the password textbox. This security image provides extra verification that you are accessing the correct page and account. This image is randomly selected when your account is activated but should be the same each time you enter your username. (If you ever see an unfamiliar image, do not enter your password. Please contact the CTRP Engineering Support mailbox, CTRP_Support@mail.nih.gov, for assistance.)

Two-Factor Method: Okta Verify

  1. Clicking on this choice brings up the “Setup Okta Verify” window. In this window, “Select your device type” by clicking the icon that matches the brand of mobile phone that you will be using. (If you would like to go back and choose a different authentication method, click on “Back to factor list” located in the bottom left-hand corner of the center window.)


  2. When you click on the brand icon, the window will expand at the bottom to display instructions to “Install Okta Verify”.


  3. Okta Verify is a mobile app that needs to be downloaded to your cell phone. The window contains a link to your cell phone brand’s app store page for Okta Verify. This will allow you to easily identify Okta Verify in your app store to download on your cell phone.


  4. Once the app is downloaded, click on the blue “Next” button on your computer and tap on the “Add Account” button in your cell phone app. (If asked, allow the app to access your cell phone camera and allow it to send push notifications.)

  5. The Okta app will open a camera screen, and your computer screen will display a QR code (square-shaped barcode).


  6. Point your cell phone towards your computer screen and align the cell phone camera display with the square of the QR code.

  7. The Okta Verify app will scan the QR code and connect your cell phone to your Okta account. You will see a new entry in the connections list in your cell phone app.

  8. On your computer, you will be directed back to the “Setup Multifactor Authentication” screen.

  9. While initially you will be logged into your account following these steps, the next time you log into your account, you will be using a “push” to authenticate. Please take note of the following steps:

    ● When you enter your username and password, you will see a window for Okta Verify with a button to “Send Push”. Click on this button and a “push” pop-up alert will be sent to the app on your mobile phone asking you to approve the connection.

    ● Tap on the “Approve” button to authenticate.

    ● Following the authentication, the application will load.

    ● The next time you log in to the application, an Okta Verify window will appear asking whether to send a push to the phone number on record.

    ● Click to proceed with the push, then tap on “Approve” in the popup alert from the Okta Verify app.


  10. Return to Step 8 in “First-Time Login Steps” to finish setup.

Two-Factor Method: SMS Authentication


  1. Clicking on this choice brings up a window that allows the user to set up their account to “Receive a code via SMS to authenticate”.
  2. Use the dropdown picklist to choose the country of your location (United States is selected by default). The choice of country automatically populates the appropriate country code prefix for the Phone number text box.
  3. Enter the phone number of the mobile phone that you would like to use and then click on the blue “Send code” button. (If you would like to go back and choose a different authentication method, click “Back to factor list” located in the bottom left-hand corner of the center window.)


  4. Next, a text message with a code will be sent to the phone number provided, and you will see a text box on the screen.
  5. Enter the code in the textbox and submit it.
  6. Following the authentication, CTRP STRAP will load.
  7. The next time you log in to CTRP STRAP, an SMS Authentication window will appear asking to approve the sending of a text message to the number provided (with the exception of the last 4 digits, the number will be masked).
  8. Check your cell phone for the text message, then enter the code received on your phone into the textbox on the screen.
  9. Return to Step 8 in “First-Time Login Steps” to finish setup.

Two-Factor Method: Voice Call Authentication

  1. Clicking on this choice brings up a window that allows the user to set up their account to “Follow phone call instructions to authenticate”.

  2. Use the dropdown picklist to choose the country of your location (United States is selected by default). The choice of country automatically populates the appropriate country code prefix for the Phone number text box.


  3. Enter the phone number of the mobile phone that you would like to use. Fill in your extension in the “Extension” textbox, if applicable.

  4. Next, click on the blue ‘Call’ button. (If you would like to go back and choose a different authentication method, click “Back to factor list” located in the bottom left-hand corner of the center window.)

  5. Next, a phone call will be initiated to the phone number provided with a recorded message. Follow the instructions on the message, then hang up.

  6. Following the authentication, CTRP STRAP will load.

  7. The next time you log in to CTRP STRAP, a Voice Call window will appear asking to approve a phone call to the number provided (with the exception of the last 4 digits, the number will be masked).

  8. Click to approve the phone call, then answer the phone call and follow the instructions.

  9. Return to Step 8 in “First-Time Login Steps” to finish setup.

Two-Factor: Multiple Methods

It is possible to set up more than one of the authentication methods. While only one method is needed for each login, and each type of authentication may only be associated with one phone number, this configuration allows some flexibility for users who want the option of using two different phone numbers.


Here are some examples of how this might be used:

 - Okta Verify Authentication (cell phone), Voice Call Authentication (office phone).

User sets up Okta Verify authentication to send pushes to their cell phone and sets up Voice Call Authentication to their office phone number. If the user does not have cell service in their office, they can use their office phone to authenticate, and they can authenticate via Okta Verify push on their cell phone if they are away from their office.

 - SMS Authentication (personal cell phone), Okta Verify Authentication (work cell phone).

User sets up Okta Verify Authentication to send pushes to their company-issued cell phone and sets up SMS Authentication to their personal cell phone. The user does not wish to install an app on their personal cell phone, but would like to have a backup method of authentication in case of any changes to their work cell phone number.

 - Okta Verify Authentication (cell phone), SMS Authentication (cell phone), Voice Call Authentication (office phone).


User wishes to have several methods for authentication, especially since their day-to-day schedule is extremely varied. This allows the user to choose the method that best suits their situation at login time.


  1. Determine the configuration that best fits your situation and decide which of the authentication methods you want to use and which phone number you want to use with each.

  2. Follow the earlier instructions in this document for the first login. When you get to the point of choosing an authentication method, select the first method on your list. Follow the instructions in this document for that method and connect it to your chosen phone number and complete the verification.

  3. Before logging in completely, click on “Back to factor list” in the lower left-hand corner of the window to go back to the selection screen.

  4. Choose the next authentication method on your list and follow the instructions for that method.

  5. If you would like to choose a third method, click on “Back to factor list” in the lower left-hand corner to go back to the selection screen. When you have completed all setup configurations, you may log in to CTRP STRAP.

  6. Return to Step 8 in “First-Time Login Steps” to finish setup. Note that if you have set up all 3 methods, you will not be routed back to the “Setup multifactor authentication” window; instead you will need to set up your security question and then you will be logged in to CTRP STRAP.

Note: The next time you log into the application, one of the authentication methods will be selected by default, but you may choose another method you have set up. Click on the down-arrow icon next to the Okta symbol in the window and choose a different authentication method from the picklist.


 



