What is OKTA?
Okta is the multifactor authentication service provider for NCI's CTRP and Precision Medicine applications. Multifactor authentication is used to provide additional security beyond just entering a username and password: authentication is accomplished by either responding to an alert on a cell phone, pressing a key in answer to a recorded phone call, or entering a code received via text message or phone call.
Even if you already use Okta for other programs, you will still need to set up Okta for your new account the first time you log in. Every user has an Okta profile that facilitates the authentication of the user into their accounts on the applications. Previously, the login process for NIH internal users displayed only the iTrust login screens, without the option to log in using the Okta profile username and password.
Important Note:
To prevent any problems during the login process, make sure that the browser popup blocker is disabled. A popup blocker may prevent the application from opening the login page.
See the following for instructions on disabling popup blockers for various browsers:
Browser | Guide |
---|---|
Chrome | How to change popup blocker settings in Chrome |
Firefox | How to change popup blocker settings in Firefox |
Safari | How to change popup blocker settings in Safari |
For additional support contact your IT Support department or one of the NCI's various application support teams below:
Application | Support Email address |
---|---|
STRAP | ctrp_support@nih.gov |
CTRP | ctrp_support@nih.gov |
DLAP | dlap_support@mail.nih.gov |
CSMS | csms-support@nih.gov |
Adult Matchbox | matchbox-support@nih.gov |
Pediatric Matchbox | ped-match-support@nih.gov |
Creating your Okta account:
- In the email notification received from Okta, select the "Activate Okta Account" button. This will launch the Okta account creation page.
- On the Create your National Cancer Institute - Prod account page, follow the steps to create a password and choose a security image. Select the "Create My Account" button.
- The Okta “Set up multifactor authentication” window launches next displaying the three multifactor authentication methods available:
● Okta Verify - "Use a push notification sent to the mobile app."
● SMS Authentication - "Enter a single-use code sent to your mobile phone."
● Voice Call Authentication - "Use a phone to authenticate by following voice instructions."
- Choose "Setup" on the desired authentication method.
Setting up Okta multifactor authentication:
The following sections define the different Okta multifactor authentication methods available. A user account can use any/all of these methods. Please see the section titled “Two Factor Option: Multiple Methods” for additional information on using multiple multifactor authentication methods.
Two Factor Method: Okta Verify
On the “Setup Okta Verify” window, select the brand of mobile phone being used and select "Next". You will then be prompted by Okta to download the Okta Verify app. (Select "Back to factor list" to choose a different authentication method).
Okta will display a notification to download the Okta Verify app from the manufacturer's App Store. Download the app on the mobile phone to continue configuring Okta Verify.
Once the Okta Verify app is downloaded on the mobile device, select “Next” in Okta, and tap on the “Add Account” button in the Okta Verify mobile app. (If asked, allow the app to access your mobile phone camera and allow it to send push notifications).
The Okta Verify app will open a camera screen, and your computer screen will display a QR code (square-shaped barcode).
Capture the QR code with your mobile phone.
The Okta Verify app will scan the QR code and connect the mobile phone to your Okta account. An "Account Added" confirmation will display in Okta, and a new entry in the "Connections" tab will be added in the Okta Verify app.
Okta will return to the “Set up multifactor authentication” page.
- Select "Finish", or continue to set up additional multifactor authentication methods if desired.
Any subsequent logins to Okta will use a “push” to authenticate. Please take note of the following steps:
● Upon entering a username and password, a window for Okta Verify with a button to “Send Push” will be displayed. Selecting "Send Push" will send an alert to the Okta Verify app on the mobile device configured with the Okta account to approve the login request.
● In the Okta Verify app, tap on the “Approve” button to authenticate.
● Following the authentication, the application will load.
Two-Factor Method: SMS Authentication
- On the "SMS Authentication" window, select "Setup".
- Use the dropdown picklist to choose the country of your location (United States is selected by default). The choice of country automatically populates the appropriate country code prefix for the Phone number text box. (Select "Back to factor list" to choose a different authentication method).
- Enter the phone number of the desired mobile phone and select “Send code”.
- A text message stating "Your verification code is xxxxxx." will be sent to the phone number provided.
- Enter the code in the "Enter Code" textbox and select "Verify".
- Select "Finish" or continue to set up additional multifactor authentication methods if desired.
Any subsequent logins to Okta will use SMS Authentication to authenticate. An SMS Authentication window will appear asking to approve the sending of a text message to the number provided (with the exception of the last 4 digits, the number will be masked).
Two Factor Method: Voice Call Authentication
On the “Follow phone call instructions to authenticate” window, choose the country of your location (United States is selected by default). The choice of country automatically populates the appropriate country code prefix for the "Phone number" text box. (Select "Back to factor list" to choose a different authentication method).
Enter the phone number and extension (if applicable) and select “Call”.
A phone call will be initiated to the phone number provided with a recorded message.
Enter the code given and click the "Verify" button.
Select "Finish" or continue to set up additional multifactor authentication methods if desired.
Any subsequent logins to Okta will use Voice Call Authentication to authenticate. A Voice Call window will appear asking to approve a phone call to the number provided (with the exception of the last 4 digits, the number will be masked).
Two-Factor: Multiple Methods
It is possible to set up more than one of the authentication methods. While only one method is needed for each login, and each type of authentication may only be associated with one phone number, this configuration allows some flexibility for users who want the option of using two different phone numbers.
Here are some examples of how this might be used:
- Okta Verify Authentication (mobile phone), Voice Call Authentication (office phone).
User sets up Okta Verify authentication to send push notifications to their mobile phone, and sets up Voice Call Authentication to their office phone number. If the user does not have mobile service in their office, they can use their office phone to authenticate, and they can authenticate via Okta Verify push on their mobile phone if they are away from their office.
- SMS Authentication (personal mobile phone), Okta Verify Authentication (work mobile phone).
User sets up Okta Verify Authentication to send push notifications to their company-issued mobile phone, and sets up SMS Authentication to their personal mobile phone. The user does not wish to install an app on their personal mobile phone, but would like to have a backup method of authentication in case of any changes to their work mobile phone number.
- Okta Verify Authentication (mobile phone), SMS Authentication (mobile phone), Voice Call Authentication (office phone).
User wishes to have several methods for authentication, especially since their day-to-day schedule is extremely varied. This allows the user to choose the method that best suits their situation at login time.
Determine the configuration that best fits your situation and decide which authentication method(s) you want to use, and which phone number you want to use with each.
When the Okta “Set up multifactor authentication” window launches, configure the desired multifactor authentication per the instructions above.
The next time you log into the application, one of the authentication methods will be selected by default, but you may choose another method you have set up. Click on the down-arrow icon next to the Okta symbol in the window and choose a different authentication method from the picklist.
Okta Password Expiration
As with most user profile passwords, Okta passwords require periodic updating to maintain compliance with security policy. NIH users also need to update their Okta password as per the update schedule, even if they choose to only use iTrust to log in to the applications.
Users will receive an email alerting them when it is time to update their Okta password.
Reset Okta Password
IF:
- You receive a notice informing you that your Okta password is expiring (All users), or
- You forget your Okta password and want to use it to log in (All users)
THEN:
- You will need to reset your Okta password
To reset your Okta password use one of the following methods:
- Shortcut to the password reset page at: https://bioappdev.okta.com/signin/forgot-password
- Go to the application’s Login Page and reset your password using the instructions in this document titled “First Time Login Steps: Non-NIH Users”.
Reset iTrust Password
To change the iTrust password:
- If you have forgotten your NIH iTrust password, you may reset it using a link from the application. From the Login URL, click on the blue button, then click on the ‘Need help signing in?’ link underneath the username text box.
- Next, click on the ‘Reset iTrust Password’ link. This will take you to the NIH password reset module.
NOTE: When you reset your password using this link from the MATCHbox or STRAP application, it will be reset for all NIH logins.