Set Up Multi-Factor Authentication in Okta with Authy

With Multi-Factor Authentication (also known as MFA or 2-Step Verification), you add an extra layer of security to your account. 

After you set it up, you’ll sign in to your account in two steps using:

  • Something you know (your password)
  • Something you have (like your phone)

Important: If any sites prompt you to use "Google Authenticator" for Multi-Factor Authentication (also known as MFA, 2-Step Verification, or 2FA), note that you can always substitute the Authy app instead. Although they work in similar ways, Authy is more feature-rich and allows for multi-device syncing, secure cloud-based backups, and easier account recovery should you change or lose your phone or device. More information on the features of Authy is available.

To set up Multi-Factor Authentication (MFA) for Okta with Authy, follow these steps.

Authy is a bit more technical to set up than Google Authenticator, but can be a significant help if you have multiple devices (phones, laptops, tablets), or if you need to change devices.

  1. On your computer, navigate to a website or service that requires Multi-Factor Authentication (MFA), such as https://checkmyokta.com/.
  2. Enter your username and password. Click the Sign In button.

  3. When presented with a prompt to set up Multi-Factor Authentication (MFA), click "Setup" under the SMS Authentication option first. This is helpful if you lose, break, or replace your phone.

  4. Type in a phone number where you can receive SMS messages (text messages) and click "Send code".

  5. Check your mobile device. Enter the 6-digit code that was texted to you and click "Verify".

  6. Click "Setup" under the Google Authenticator option.
    Remember that when any site prompts you to use "Google Authenticator" for Multi-Factor Authentication (MFA), you will be using the Authy app instead.

  7. If you will be using an iPhone as your secondary device to help you get logged in, select iPhone. Otherwise, select Android.
    If you're not sure which option to choose, select Android.

  8. If you don't already have it installed, pause here and install the Authy app on your mobile device (instead of Google Authenticator). Links to the iOS App Store (for Apple products), Google Play Store (for Android and Samsung devices), Windows or Mac, and Linux are available. The YouTube video at https://youtu.be/EBdPzv75i3A?t=82 is a quick walk-through of how to set up Authy.

  9. Open the Authy app on your mobile device.

  10. In Authy, enter your phone number and your email address to create your Authy account.

  11. Receive the registration code via SMS (text) message (or obtain it by phone call) and enter it into Authy to verify your new Authy account.

  12. In Authy, click Add Account. 
    1. On iOS (iPhone), click the red + sign at the bottom of the screen in Authy to add a new MFA account for Okta. 
    2. On Android & Samsung devices, tap the "…" icon in the upper right corner to open the menu, and select the Add Account option.
    3. On the Authy Desktop app, click the + (plus) sign in the upper right corner.
  13. Create an Authy Backups Password when prompted.
  14. Use your mobile device to scan the QR Code displayed by Okta, then click Next.

  15. In Authy, feel free to choose a new icon and rename the MFA token from "Okta.com: givename.surname@cru.org", if you like. Something like "Okta" should be sufficient.

  16. Authy needs no internet connection to generate a time-based code, but it does require an accurate time on your mobile device. The Authy app will generate a 6-digit, time-based code on your mobile device.
  17. Enter the 6-digit code that was generated by Authy into Okta and click Verify.

  18. If all went well, you are now set up to use Multi-Factor Authentication and should be signed into the website or service you were attempting to access!
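
Why step 16 needs an accurate clock but no internet connection, shown as an added example (not part of the original article, and not Authy's or Okta's own code): a sketch of the standard time-based one-time password algorithm (RFC 6238) used by Google Authenticator-compatible apps. The 30-second step, HMAC-SHA1, the one-slot tolerance in `verify`, and the sample secret (the RFC test key, standing in for the secret carried in the QR code) are assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (RFC 6238 default, assumed here)
DIGITS = 6   # matches the 6-digit code in step 16

# Constructed sample secret: the RFC 4226/6238 test key "12345678901234567890"
# in Base32, standing in for the secret delivered by the QR code.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: float) -> str:
    """Derive the code from the shared secret and the clock alone (no network)."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time // STEP)               # which 30-second slot we are in
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                     # RFC 4226 dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1) -> bool:
    """Server side: accept codes from `window` slots either side of server time."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )


def drift_demo(server_time: float = 45) -> dict:
    """Map phone clock error (seconds) to whether the resulting code is accepted."""
    return {
        drift: verify(SECRET, totp(SECRET, server_time + drift), server_time)
        for drift in (0, 20, 120)
    }


if __name__ == "__main__":
    for drift, accepted in drift_demo().items():
        print(f"phone clock off by {drift:>3}s -> accepted: {accepted}")
```

A phone whose clock is a couple of minutes off produces codes from a slot the server no longer (or does not yet) accept, which is why a rejected code is usually fixed by enabling automatic date and time on the device.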


Adding additional devices (optional)

You will want to add a secondary device to access Authy.  This device will serve as a backup in case you lose access to your primary device.  The 2nd device can be either a mobile device or the Authy desktop application.  In the case that you do not have a 2nd device, please make sure to keep your phone number updated within the Authy application and follow the instructions below for Disable Multi-device.

Once you have Authy installed on the 2nd device do the following:

Authy Desktop - Additional Device

  1. Enable Multi-Device on one of your devices that already has Authy configured.  (see below)
  2. Open Authy Desktop on the new device.
  3. Enter mobile phone number used during the initial setup.
  4. Click Next.
  5. Click Existing Device to indicate verification method.
  6. Switch to the Initial Authy Device.
  7. There should be a prompt asking for the new device to be authorized.  Type OK and then click or tap OK.

Authy on Android or iOS - Additional Device

  1. Open Authy on the new device.
  2. Enter mobile phone number used during the initial setup.
  3. Touch or click OK.
  4. Touch or click ADD NEW DEVICE.
  5. Enter a name for the device and touch or click ADD DEVICE.
  6. Switch to the Initial Authy Device.
  7. There should be a prompt asking for the new device to be authorized.  Type OK and then click or tap OK.

You may need to click on an existing two factor token listed and enter the backup password you provided during the initial setup of Authy to access the tokens from this new device.


Disable/Enable Multi-device (recommended, not required)

This keeps people from being able to hack into your Authy, even if they get your Authy password.

Open Authy on any of your devices and perform the following instructions.

Authy Desktop

  1. Click Settings on the main screen.
  2. Click Devices.
  3. Click Disable next to Multi-device (or Enable if you want to add new devices).

Authy on Android or iOS

  1. Tap Settings under the mobile app menu.
  2. Tap Devices.
  3. Slide the switch to disable the “Allow multi-device” setting (or enable it if you want to add new devices).

This prevents new devices from being added by someone who has hijacked your phone number.

You must Enable Multi-Device before you add a new device. Disable Multi-Device once you’ve added the new device(s).
