Okta FastPass

Okta Verify Setup

What is Okta?

Okta is all about secure authentication and single sign on with adaptive Multi-Factor Authentication (MFA).  Adaptive MFA inspects your login against a risk profile based on factors like your device name, location etc and determines whether you need an MFA prompt.  It's also a phishing resistant authentication system (more info is available at the end of this KB article).

Why Okta?

Access to our network via VPN is one of our greatest risks which we can mitigate by adding adaptive MFA to our connection process.  Okta is a well know, trusted authentication suite that allows us to connect to more cloud systems with Single Sign On (SSO).  This will reduce the need for additional passwords, making our environment safer.  Okta also provides a unified portal for your web logins to seamlessly connect you to other systems.  There's also an automation module that we'll me using later for O365 license management.

How do I install Okta?

There are 3 components to installing Okta Verify.
  1. The web portal setup & enrolment.
  2. The mobile app setup.
  3. The laptop app connected to a biometric ID.
To begin the Okta setup, first install the Okta Verify mobile app from the Google play store or Apple store.  Once installed, launch on your phone.

    The laptop app should be preinstalled on your laptop - if not you can install it manually by going to z:\software\okta.

    Lastly, enrol your fingerprint (or your face) in Windows Hello.  
    1. Start - Settings - Accounts - Sign-in options - Windows Hello Fingerprint.  (if you're bold, choose face if your laptop has an IR camera) 

    1. This process is intuitive & once you've followed the bouncing ball of Get started, you'll successfully enrol a finger for quick login.

    How do I setup Okta Verify for my user account?

    You will receive an initial email, welcoming you to setup your account.  Click the link to get started & click Okta Verify on the web page.

     From the Okta verify mobile app on your phone:
    1. Android: Choose Get started / Add account / Organisation (or click the +)
      1. Skip adding from other device, Yes, Ready to scan.
      2. Allow access to your camera.
    2. IOS:  click the plus button and select Organisation.
      1. Press skip on the next screen, press Yes, Ready to scan.
      2. Allow access to your camera.
    3. Scan the QR code with your phone.
    4. Allow notifications, skip security questions and a secondary email – these can be added later.
    5. Once we have set you up with your Okta login, we recommend migrating existing MFA codes to Okta Verify and making this the one app for all your MFA needs

    Okta Verify on your PC:

    1. Launch Okta Verify (Blue and white circle with a blue tick on your desktop)
    2. Click on Get Started then Next 
        

    3. Under new account enter:  mipac.okta.com.  then click Next.


    4. You will then be prompted to login via a web browser to Okta.  Tick the box to Keep me signed in and enter your Mipac email address, then click Next.


    5. In the next window select the field for password and enter your computer/Office365 password
      .

    6. You will then be prompted to enable Windows Hello confirmation.  Click Enable.  If you haven't set this up, you will see the following popup set up Windows Hello.


    7. Once complete your account should then be listed in the okta verify app.


    8. Install the browser plugins.
      1. Chrome: https://chrome.google.com/webstore/detail/okta-browser-plugin/glnpjglilkicbckjpbgcfkogebgllemb?hl=en
      2. Safari: https://apps.apple.com/us/app/okta-extension-app/id1439967473
      3. Firefox: https://addons.mozilla.org/en-US/firefox/addon/okta-browser-plugin/
      4. Edge: https://microsoftedge.microsoft.com/addons/detail/okta-browser-plugin/ncoafaeidnkeafiehpkfoeklhajkpgij 

    9. Once the plugins are installed, on each browser you use, click on the plugin icon on the top of your browser, and select configure.
      1. Enable the 2 options in the settings and click on Allow. 
      2. Another window may pop up. Press allow again here, then close the tab.

    Using Okta

    To verif the Okta install is complete on your laptop, go to https://mipac.okta.com on your laptop and authenticate.  It should take you to a dashbaord showing a couple of web portals. 

    When prompted select to use Okta FastPass and you should then be logged in successfully. 
    If you haven't already, install the browser plugins for Chrome and/or Edge as this will also make the experience much friendlier.

    Now you just need to log into the okta console on a daily basis.  As you save logins to your system you will see your dashboard fill up and become much more useful like so:

    If there is a common web app that you feel is used my more than just yourself that may be useful, then please log a ticket with the details.
    The Okta Authenticator will soon be added to our VPN for MFA authentication so it's important you have it setup even if you don't use the web portal.

    What are the benefits of using Okta?

    Okta gives you a single, customisable portal to centrally logon and then SSO into your other web-based apps.  As we provision more webapps/webpages they will appear for users in the dashboards & you can also add apps into the portal as needed.  Using dynamic rules and integration with CrowdStrike we can adjust the MFA prompts based on your location and specific criteria.  E.g. geo-location, your device, antivirus patch level, OS etc.  If you're at home, on your work laptop, there should be no MFA prompts after initial authentication with Okta, as your laptop is trusted, and your IP address has been learned.  If a login with your account occurs from Germany, Okta will force an MFA challenge.  Gradually we will increase the apps that we are covering with this.  

    This tightened security will make our company network more secure and assist us with passing security or insurance audits.